*** This bug is a security vulnerability *** Public security bug reported:
And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.de/2013/05/stable-channel- release.html Here are the CVEs: CVE-2013-2837: Use-after-free in SVG. CVE-2013-2838: Out-of-bounds read in v8. CVE-2013-2839: Bad cast in clipboard handling. CVE-2013-2840: Use-after-free in media loader. CVE-2013-2841: Use-after-free in Pepper resource handling. CVE-2013-2842: Use-after-free in widget handling. CVE-2013-2843: Use-after-free in speech handling. CVE-2013-2844: Use-after-free in style resolution. CVE-2013-2845: Memory safety issues in Web Audio. CVE-2013-2846: Use-after-free in media loader. CVE-2013-2847: Use-after-free race condition with workers. CVE-2013-2848: Possible data extraction with XSS Auditor. CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Please update and keep current. Thanks. ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2837 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2838 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2839 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2840 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2841 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2842 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2843 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2844 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2847 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2848 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2845 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2846 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2849 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1183086 Title: Please update to 27.0.1453.93 Status in “chromium-browser” package in Ubuntu: New Bug description: And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.de/2013/05/stable-channel- release.html Here are the CVEs: CVE-2013-2837: Use-after-free in SVG. CVE-2013-2838: Out-of-bounds read in v8. CVE-2013-2839: Bad cast in clipboard handling. CVE-2013-2840: Use-after-free in media loader. CVE-2013-2841: Use-after-free in Pepper resource handling. CVE-2013-2842: Use-after-free in widget handling. CVE-2013-2843: Use-after-free in speech handling. CVE-2013-2844: Use-after-free in style resolution. CVE-2013-2845: Memory safety issues in Web Audio. CVE-2013-2846: Use-after-free in media loader. CVE-2013-2847: Use-after-free race condition with workers. CVE-2013-2848: Possible data extraction with XSS Auditor. CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Please update and keep current. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1183086/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
