6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Several vulnerabilities were discovered in the Chromium browser.
The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2011-2818
Use-after-free vulnerability in Google Chrome allows remote attackers to
cause a denial of service or possibly have unspecified other impact via
vectors related to display box rendering.
CVE-2011-2800
Google Chrome allows remote attackers to obtain potentially sensitive
information about client-side redirect targets via a crafted web site.
CVE-2011-2359
Google Chrome does not properly track line boxes during rendering, which
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that lead to a stale pointer.
Several unauthorised SSL certificates have been found in the wild issued
for the DigiNotar Certificate Authority, obtained through a security
compromise with said company.
This update blacklists SSL certificates issued by DigiNotar-controlled
intermediate CAs used by the Dutch PKIoverheid program.
For the stable distribution (squeeze), this problem has been fixed in
version 6.0.472.63~r59945-5+squeeze6.
For the testing distribution (wheezy), this problem has been fixed in
version 13.0.782.220~r99552-1.
For the unstable distribution (sid), this problem has been fixed in
version 13.0.782.220~r99552-1.
We recommend that you upgrade your chromium-browser packages.