Lucene search

Gentoo FoundationGLSA-201205-03

HistoryMay 21, 2012 - 12:00 a.m.

Chromium, V8: Multiple vulnerabilities

2012-05-2100:00:00

Gentoo Foundation

security.gentoo.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.032 Low

EPSS

Percentile

91.1%

JSON

Background

Chromium is an open source web browser project. V8 is Google’s open source JavaScript engine.

Description

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

Impact

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 "&gt;=www-client/chromium-19.0.1084.46"

All V8 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=dev-lang/v8-3.9.24.21"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/chromium< 19.0.1084.46UNKNOWN
Gentooanyalldev-lang/v8< 3.9.24.21UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	www-client/chromium	< 19.0.1084.46	UNKNOWN
Gentoo	any	all	dev-lang/v8	< 3.9.24.21	UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.032 Low

EPSS

Percentile

91.1%

JSON

Related for GLSA-201205-03