And another release: http://googlechromereleases.blogspot.de/2013/03
/stable-channel-update_4.html
The new CVEs:
[$1000] [176882] High CVE-2013-0902: Use-after-free in frame loader. Credit
to Chamal de Silva.
[$1000] [176252] High CVE-2013-0903: Use-after-free in browser navigation
handling. Credit to “chromium.khalil”.
[$2000] [172926] [172331] High CVE-2013-0904: Memory corruption in Web
Audio. Credit to Atte Kettunen of OUSPG.
[$1000] [168982] High CVE-2013-0905: Use-after-free with SVG animations.
Credit to Atte Kettunen of OUSPG.
[174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to
Google Chrome Security Team (Jüri Aedla).
[174150] Medium CVE-2013-0907: Race condition in media thread handling.
Credit to Andrew Scherkus of the Chromium development community.
[174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension
processes.
[173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to
Egor Homakov.
[172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads
more strictly. Credit to Google Chrome Security Team (Chris Evans).
[172264] High CVE-2013-0911: Possible path traversal in database handling.
Credit to Google Chrome Security Team (Jüri Aedla).
** Summary changed:
- Please update to 25.0.1364.97
+ Please update to 25.0.1364.152
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0902
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0903
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0904
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0905
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0906
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0907
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0908
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0909
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0910
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0911
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1132568
Title:
Please update to 25.0.1364.152
Status in “chromium-browser” package in Ubuntu:
Triaged
Status in “chromium-browser” source package in Lucid:
Triaged
Status in “chromium-browser” source package in Oneiric:
Triaged
Status in “chromium-browser” source package in Precise:
Triaged
Status in “chromium-browser” source package in Quantal:
Triaged
Status in “chromium-browser” source package in Raring:
Triaged
Bug description:
Please update chromium-browser 25.0.1364.97 [1]. v25 fixes several new
security issues.
[1]http://googlechromereleases.blogspot.com/2013/02/stable-channel-
update_21.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1132568/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
