This was reported to meego bugzilla but got no response. The meego-app-browser to be released in MeeGo 1.2 is still based on chromium 12.0.712.0. It is a trunk version released on late March and misses multiple security fixes in chrome 11.0.696.57, which was released on a different branch in late April.
At least the following security holes is not fixed: Medium CVE-2011-1434: Lack of thread safety in MIME handling. High CVE-2011-1439: Prevent interference between renderer processes. High CVE-2011-1444: Race condition in sandbox launcher. High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Low CVE-2011-1450: Dangling pointers in file dialogs. Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. http://build.chromium.org/official/ http://download.meego.com/live/MeeGo:/1.2:/oss/standard/src/meego-app-browser-12.0.712.0~2011WW19-1.2.src.rpm http://googlechromereleases.blogspot.com/search/label/Stable%20updates _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines
