[Pkg-chromium-maint] Bug#607843: chromium-browser: CVE-2010-4576 Segfault when dealing with Web Workers and MessageChannels
Jonathan Wiltshire
jmw at debian.org
Wed Dec 22 22:03:45 UTC 2010
Package: chromium-browser
Version: 6.0.472.63~r59945-3
Severity: important
Tags: upstream patch security
browser/worker_host/message_port_dispatcher.cc in Google Chrome before
8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain
postMessage calls, which allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via crafted JavaScript code
that creates a web worker.
I tested this on sid and confirmed the error.
The attached patch comes from r66620 in the upstream repository and it's
issue 63529.
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages chromium-browser depends on:
ii chromium-browser-ins 6.0.472.63~r59945-3 page inspector for the chromium-br
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libcups2 1.4.5-1 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.24-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.88-2 simple interprocess messaging syst
ii libevent-1.4-2 1.4.13-stable-1 An asynchronous event notification
ii libexpat1 2.0.1-7 XML parsing C library - runtime li
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.5-10 GCC support library
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgl1-mesa-glx [lib 7.7.1-4 A free implementation of the OpenG
ii libglewmx1.5 1.5.4-1 The OpenGL Extension Wrangler - ru
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libicu44 4.4.2-2 International Components for Unico
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-1 Network Security Service libraries
ii libpango1.0-0 1.28.3-1 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.5-10 The GNU Standard C++ Library v3
ii libv8-2.2.24 2.2.24-7 V8 JavaScript Engine
ii libvpx0 0.9.1-2 VP8 video codec (shared library)
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxml2 2.7.8.dfsg-1 GNOME XML library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxslt1.1 1.1.26-6 XSLT 1.0 processing library - runt
ii libxss1 1:1.2.1-1 X11 Screen Saver extension library
ii xdg-utils 1.0.2+cvs20100307-3 desktop integration utilities from
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
chromium-browser recommends no packages.
Versions of packages chromium-browser suggests:
ii chromium-browser-l10 6.0.472.63~r59945-3 chromium-browser language packages
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2010-4576.patch
Type: text/x-c++
Size: 1256 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20101222/c4093089/attachment.bin>