Lucene search

Gentoo FoundationGLSA-201203-19

HistoryMar 25, 2012 - 12:00 a.m.

Chromium: Multiple vulnerabilities

2012-03-2500:00:00

Gentoo Foundation

security.gentoo.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.2%

JSON

Background

Chromium is an open source web browser project.

Description

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, Universal Cross-Site Scripting, or installation of an extension without user interaction.

A remote attacker could also entice a user to install a specially crafted extension that would interfere with browser-issued web requests.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-client/chromium-17.0.963.83"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/chromium< 17.0.963.83UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	www-client/chromium	< 17.0.963.83	UNKNOWN

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for GLSA-201203-19