chromium -- multiple vulnerabilities

Description:

Google Chrome Releases reports:

[117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).

[118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

[120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.

[122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).

[124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).

[125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to "efbiaiinzinz".

[Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholome.

[126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.

[127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).

[128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

References:

CVE name CVE-2011-3103
CVE name CVE-2011-3104
CVE name CVE-2011-3105
CVE name CVE-2011-3106
CVE name CVE-2011-3107
CVE name CVE-2011-3108
CVE name CVE-2011-3110
CVE name CVE-2011-3111
CVE name CVE-2011-3112
CVE name CVE-2011-3113
CVE name CVE-2011-3114
CVE name CVE-2011-3115
URL: <http://googlechromereleases.blogspot.com/search/label/Stable%20updates>

Affects:

chromium <19.0.1084.52

portaudit: chromium -- multiple vulnerabilities

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>