*** This bug is a security vulnerability *** Public security bug reported:
And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.com/2013/07/stable-channel- update.html Here are the CVEs: CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. CVE-2013-2867: Block pop-unders in various scenarios. CVE-2013-2868: Incorrect sync of NPAPI extension component. CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. CVE-2013-2870: Use-after-free with network sockets. CVE-2013-2871: Use-after-free in input handling. CVE-2013-2872: Possible lack of entropy in renderers. CVE-2013-2873: Use-after-free in resource loading. CVE-2013-2874: Screen data leak with GL textures. CVE-2013-2875: Out-of-bounds-read in SVG. CVE-2013-2876: Extensions permissions confusion with interstitials. CVE-2013-2877: Out-of-bounds read in XML parsing. CVE-2013-2878: Out-of-bounds read in text handling. CVE-2013-2879: Confusion setting up sign-in and sync. ** Affects: chromium-browser (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2853 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2867 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2868 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2869 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2870 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2871 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2872 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2873 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2874 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2875 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2876 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2877 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2878 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2879 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1199644 Title: Please update to 28.0.1500.71 Status in “chromium-browser” package in Ubuntu: New Bug description: And again a new stable release with lots of security fixes: http://googlechromereleases.blogspot.com/2013/07/stable-channel- update.html Here are the CVEs: CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. CVE-2013-2867: Block pop-unders in various scenarios. CVE-2013-2868: Incorrect sync of NPAPI extension component. CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. CVE-2013-2870: Use-after-free with network sockets. CVE-2013-2871: Use-after-free in input handling. CVE-2013-2872: Possible lack of entropy in renderers. CVE-2013-2873: Use-after-free in resource loading. CVE-2013-2874: Screen data leak with GL textures. CVE-2013-2875: Out-of-bounds-read in SVG. CVE-2013-2876: Extensions permissions confusion with interstitials. CVE-2013-2877: Out-of-bounds read in XML parsing. CVE-2013-2878: Out-of-bounds read in text handling. CVE-2013-2879: Confusion setting up sign-in and sync. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1199644/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
