Chromium: Multiple vulnerabilities Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. chromium 2012-02-18 2012-02-18 402841 404067 remote 17.0.963.56 17.0.963.56

Chromium is an open source web browser project.

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details.

A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox.

A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability.

There is no known workaround at this time.

All Chromium users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-17.0.963.56" CVE-2011-3016 CVE-2011-3017 CVE-2011-3018 CVE-2011-3019 CVE-2011-3020 CVE-2011-3021 CVE-2011-3022 CVE-2011-3023 CVE-2011-3024 CVE-2011-3025 CVE-2011-3027 CVE-2011-3953 CVE-2011-3954 CVE-2011-3955 CVE-2011-3956 CVE-2011-3957 CVE-2011-3958 CVE-2011-3959 CVE-2011-3960 CVE-2011-3961 CVE-2011-3962 CVE-2011-3963 CVE-2011-3964 CVE-2011-3965 CVE-2011-3966 CVE-2011-3967 CVE-2011-3968 CVE-2011-3969 CVE-2011-3970 CVE-2011-3971 CVE-2011-3972 Release Notes 17.0.963.46 Release Notes 17.0.963.56 phajdan.jr phajdan.jr