Comment 6 for bug 671420

This bug was fixed in the package chromium-browser - 7.0.517.44~r64615-0ubuntu0.10.10.1

---------------
chromium-browser (7.0.517.44~r64615-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #671420), also
    fixing the following security issues:
    - [51602] High, Use-after-free in text editing. Credit to David Bloom of
      the Google Security Team, Google Chrome Security Team (Inferno) and
      Google Chrome Security Team (Cris Neckar).
    - [55257] High, Memory corruption with enormous text area. Credit to wushi
      of team509.
    - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
    - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
      Minh from Bkis (www.bkis.com).
    - [58741] High, Use-after-free in text control selections. Credit to
      “vkouchna”.
    - [59320] High, Integer overflows in font handling. Credit to Aki Helin of
      OUSPG.
    - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
    - [60238] High, Bad use of destroyed frame object. Credit to various
      developers, including “gundlach”.
    - [60327] [60769] [61255] High, Type confusions with event objects. Credit
      to “fam.lam” and Google Chrome Security Team (Inferno).
    - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
      of team509.
 -- Fabien Tassin <email address hidden> Thu, 04 Nov 2010 20:53:09 +0100