Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.
|Package||www-client/chromium on all architectures|
|Affected versions||< 18.0.1025.142|
|Unaffected versions||>= 18.0.1025.142|
|Package||dev-lang/v8 on all architectures|
|Affected versions||< 22.214.171.124|
|Unaffected versions||>= 126.96.36.199|
Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-18.0.1025.142"
All V8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-188.8.131.52"
March 30, 2012
March 30, 2012: 1