Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code.
|Package||www-client/chromium on all architectures|
|Affected versions||< 18.0.1025.142|
|Unaffected versions||>= 18.0.1025.142|
|Package||dev-lang/v8 on all architectures|
|Affected versions||< 220.127.116.11|
|Unaffected versions||>= 18.104.22.168|
Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.
The attacker could also entice a user to open a specially crafted web site using Chromium, possibly resulting in cross-site scripting (XSS), or an unspecified SPDY certificate checking error.
There is no known workaround at this time.
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-18.0.1025.142"
All V8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/v8-22.214.171.124"
March 30, 2012
March 30, 2012: 1