[Pkg-chromium-maint] Bug#607846: chromium-browser: CVE-2010-4575 (DoS) Does not properly handle incorrect tab interaction by an extension

Jonathan Wiltshire jmw at debian.org
Wed Dec 22 22:39:12 UTC 2010


Package: chromium-browser
Version: 6.0.472.63~r59945-3
Severity: important
Tags: upstream patch security

The ThemeInstalledInfoBarDelegate::Observe function in
browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome
before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle
incorrect tab interaction by an extension, which allows user-assisted remote
attackers to cause a denial of service (application crash) via a crafted
extension.

I tested this on sid and confirmed the error.

The attached patch comes from r68112 in the upstream repository and it's
issue 60761 (code review at http://codereview.chromium.org/5326011/).


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages chromium-browser depends on:
ii  chromium-browser-ins 6.0.472.63~r59945-3 page inspector for the chromium-br
ii  libasound2           1.0.23-2.1          shared library for ALSA applicatio
ii  libatk1.0-0          1.30.0-1            The ATK accessibility toolkit
ii  libbz2-1.0           1.0.5-6             high-quality block-sorting file co
ii  libc6                2.11.2-7            Embedded GNU C Library: Shared lib
ii  libcairo2            1.8.10-6            The Cairo 2D vector graphics libra
ii  libcups2             1.4.5-1             Common UNIX Printing System(tm) - 
ii  libdbus-1-3          1.2.24-3            simple interprocess messaging syst
ii  libdbus-glib-1-2     0.88-2              simple interprocess messaging syst
ii  libevent-1.4-2       1.4.13-stable-1     An asynchronous event notification
ii  libexpat1            2.0.1-7             XML parsing C library - runtime li
ii  libfontconfig1       2.8.0-2.1           generic font configuration library
ii  libfreetype6         2.4.2-2.1           FreeType 2 font engine, shared lib
ii  libgcc1              1:4.4.5-10          GCC support library
ii  libgconf2-4          2.28.1-6            GNOME configuration database syste
ii  libgcrypt11          1.4.5-2             LGPL Crypto library - runtime libr
ii  libgl1-mesa-glx [lib 7.7.1-4             A free implementation of the OpenG
ii  libglewmx1.5         1.5.4-1             The OpenGL Extension Wrangler - ru
ii  libglib2.0-0         2.24.2-1            The GLib library of C routines
ii  libgtk2.0-0          2.20.1-2            The GTK+ graphical user interface 
ii  libicu44             4.4.2-2             International Components for Unico
ii  libjpeg62            6b1-1               The Independent JPEG Group's JPEG 
ii  libnspr4-0d          4.8.6-1             NetScape Portable Runtime Library
ii  libnss3-1d           3.12.8-1            Network Security Service libraries
ii  libpango1.0-0        1.28.3-1            Layout and rendering of internatio
ii  libpng12-0           1.2.44-1            PNG library - runtime
ii  libstdc++6           4.4.5-10            The GNU Standard C++ Library v3
ii  libv8-2.2.24         2.2.24-7            V8 JavaScript Engine
ii  libvpx0              0.9.1-2             VP8 video codec (shared library)
ii  libx11-6             2:1.3.3-4           X11 client-side library
ii  libxext6             2:1.1.2-1           X11 miscellaneous extension librar
ii  libxml2              2.7.8.dfsg-1        GNOME XML library
ii  libxrender1          1:0.9.6-1           X Rendering Extension client libra
ii  libxslt1.1           1.1.26-6            XSLT 1.0 processing library - runt
ii  libxss1              1:1.2.1-1           X11 Screen Saver extension library
ii  xdg-utils            1.0.2+cvs20100307-3 desktop integration utilities from
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

chromium-browser recommends no packages.

Versions of packages chromium-browser suggests:
ii  chromium-browser-l10 6.0.472.63~r59945-3 chromium-browser language packages

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2010-4575.patch
Type: text/x-c++
Size: 1465 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20101222/6622e1ff/attachment.bin>
