You are here

T-632: Google Chrome OS before R12 0.12.433.38 Beta Update

May 31, 2011 - 2:00pm

Addthis

PROBLEM:

Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors. The Chrome OS Beta channel has announced an updated to R12 release 0.12.433.38 features of Chrome 12 Beta include, new trackpad, new flash player and several stability and functional improvements over the previous releases.

PLATFORM:

Products Affected By CVE-2011-2171: Google Chrome OS (Previous Releases)

ABSTRACT:

CVE-2011-2171 addresses unspecified vulnerabilities in the dbugs package of Google Chrome OS. Prior versions of Google Chrome can be fixed by updating to the current release. Information and content related to this CVE was last updated on 05/25/2011. To find out more information about Chromium OS Security and Reported Bugs, please visit: The Chromium Projects Security Overview.

reference LINKS:

Google Chrome OS before R12 0.12.433.38 Beta
Releases >> Chrome OS Beta: Channel Update
Google >> Chrome Os : Vulnerability Statistics
Chromium Security >> Reporting Security Bugs

IMPACT ASSESSMENT:

High

Discussion:

CVE-2011-2171 addresses unspecified vulnerabilities in the dbugs package of Google Chrome OS. Prior versions of Google Chrome can be fixed by updating to the current release. Information and content related to this CVE was last updated on 05/25/2011. To find out more information about Chromium OS Security and Reported Bugs please visit The Chromium Projects Security Overview.

Impact:

Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors

Solution:

This release contains the following security fixes:
* Disallow root escalation by creating /var/lib/chromeos-aliases.conf and inserting commands
* Disallow modification of about:flags in Guest mode
* Multiple package updates (openssl, dbugs, pango, sudo, strongswan, acl, libxml2, dhcpd)

Addthis