*** This bug is a security vulnerability *** Public security bug reported:
And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.de/2013/03/stable-channel- update_26.html Here are the CVEs: [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes. [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community. [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com). ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0916 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0917 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0918 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0919 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0920 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0921 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0922 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0923 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0924 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0925 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0926 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1161296 Title: Please update to 26.0.1410.43 Status in “chromium-browser” package in Ubuntu: New Bug description: And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.de/2013/03/stable-channel- update_26.html Here are the CVEs: [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes. [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community. [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1161296/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
