Chromium, V8: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code and local root privilege escalation.

Products: chromium, v8
Announced: 2011-11-01
Revised: 2011-11-01
Bugs: 351525, 353626, 354121, 356933, 357963, 358581, 360399, 363629, 365125, 366335, 367013, 368649, 370481, 373451, 373469, 377475, 377629, 380311, 380897, 381713, 383251, 385649, 388461
Access: remote
Affected packages:
    www-client/chromium: vulnerable < 15.0.874.102, unaffected >= 15.0.874.102
    dev-lang/v8: vulnerable < 3.5.10.22, unaffected >= 3.5.10.22

Chromium is an open-source web browser project. V8 is Google's open-source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A local attacker could gain root privileges (CVE-2011-1444, fixed in chromium-11.0.696.57).

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition. The attacker could also obtain cookies and other sensitive information, conduct man-in-the-middle attacks, perform address bar spoofing, bypass the same origin policy, perform Cross-Site Scripting attacks, or bypass pop-up blocking.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-15.0.874.102"

All V8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/v8-3.5.10.22"
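
To confirm the upgrades took effect across hosts, the following added example (not part of the advisory) classifies a package/version pair against the fixed versions named in the upgrade commands. The function names `version_lt`, `advisory_status` and `scan_inventory` are hypothetical, and the sample inventory is constructed.

```shell
# Added example, not part of the advisory: classify installed versions
# against the fixed versions named in the upgrade commands above.
CHROMIUM_FIXED="15.0.874.102"
V8_FIXED="3.5.10.22"

# version_lt A B: succeed when dotted version A is strictly lower than B.
# Components compare numerically, so 9.0.597.94 sorts below 15.0.874.102.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the component just read; a missing component counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1   # equal versions are not lower
}

# advisory_status PACKAGE VERSION: print vulnerable, fixed or unknown.
advisory_status() {
    case $1 in
        www-client/chromium) fixed=$CHROMIUM_FIXED ;;
        dev-lang/v8)         fixed=$V8_FIXED ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${2%-r[0-9]*}          # ignore a Gentoo revision suffix such as -r1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # not dotted numeric
    esac
    if version_lt "$ver" "$fixed"; then echo vulnerable; else echo fixed; fi
}

# scan_inventory: read "package version" lines on stdin, append the status.
scan_inventory() {
    while read -r pkg ver; do
        [ -n "$pkg" ] || continue
        printf '%s %s %s\n' "$pkg" "$ver" "$(advisory_status "$pkg" "$ver")"
    done
}

# Constructed sample inventory, for illustration only.
scan_inventory <<'EOF'
www-client/chromium 14.0.835.202
www-client/chromium 15.0.874.102
dev-lang/v8 3.5.10.22-r1
dev-lang/v8 3.4.14.19
EOF
```
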

References:

CVE identifiers:
    CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349,
    CVE-2011-2350, CVE-2011-2351, CVE-2011-2834, CVE-2011-2835, CVE-2011-2837,
    CVE-2011-2838, CVE-2011-2839, CVE-2011-2840, CVE-2011-2841, CVE-2011-2843,
    CVE-2011-2844, CVE-2011-2845, CVE-2011-2846, CVE-2011-2847, CVE-2011-2848,
    CVE-2011-2849, CVE-2011-2850, CVE-2011-2851, CVE-2011-2852, CVE-2011-2853,
    CVE-2011-2854, CVE-2011-2855, CVE-2011-2856, CVE-2011-2857, CVE-2011-2858,
    CVE-2011-2859, CVE-2011-2860, CVE-2011-2861, CVE-2011-2862, CVE-2011-2864,
    CVE-2011-2874, CVE-2011-3234, CVE-2011-3873, CVE-2011-3875, CVE-2011-3876,
    CVE-2011-3877, CVE-2011-3878, CVE-2011-3879, CVE-2011-3880, CVE-2011-3881,
    CVE-2011-3882, CVE-2011-3883, CVE-2011-3884, CVE-2011-3885, CVE-2011-3886,
    CVE-2011-3887, CVE-2011-3888, CVE-2011-3889, CVE-2011-3890, CVE-2011-3891

Release notes:
    Release Notes 10.0.648.127
    Release Notes 10.0.648.133
    Release Notes 10.0.648.205
    Release Notes 11.0.696.57
    Release Notes 11.0.696.65
    Release Notes 11.0.696.68
    Release Notes 11.0.696.71
    Release Notes 12.0.742.112
    Release Notes 12.0.742.91
    Release Notes 13.0.782.107
    Release Notes 13.0.782.215
    Release Notes 13.0.782.220
    Release Notes 14.0.835.163
    Release Notes 14.0.835.202
    Release Notes 15.0.874.102
    Release Notes 8.0.552.237
    Release Notes 9.0.597.107
    Release Notes 9.0.597.84
    Release Notes 9.0.597.94

phajdan.jr phajdan.jr