9.0.597.107 -> 10.0.648.127
Bug #731520 reported by Fabien Tassin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
chromium-browser (Ubuntu) | Fix Released | High | Fabien Tassin |
Lucid | Fix Released | High | Micah Gersten |
Maverick | Fix Released | High | Micah Gersten |
Natty | Fix Released | High | Fabien Tassin |
Bug Description
Binary package hint: chromium-browser
Upstream just released a new Major (stable) release also fixing a bunch of security issues.
It contains security fixes for webkit (16), chromium (4), v8 (2), ffmpeg (2) and libxslt (1).
Needed in natty, maverick and lucid.
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
description: updated
visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
status: Fix Committed → In Progress
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
status: Fix Committed → In Progress
tags: added: verification-done
This bug was fixed in the package chromium-browser - 10.0.648.127~r76697-0ubuntu1
---------------
chromium-browser (10.0.648.127~r76697-0ubuntu1) natty; urgency=high
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging chan...