Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0647 to the following vulnerability: WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. http://code.google.com/p/chromium/issues/detail?id=31692 http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs http://trac.webkit.org/changeset/53525 https://bugs.webkit.org/show_bug.cgi?id=33266 http://www.securityfocus.com/bid/38177 http://www.osvdb.org/62317 http://securitytracker.com/id?1023583 http://secunia.com/advisories/38545 http://www.vupen.com/english/advisories/2010/0361 http://xforce.iss.net/xforce/xfdb/56214 Note: this would only affect any browser using webkit with HTML5 Ruby support.
This issue does NOT affect the versions of the webkitgtk package, as shipped with Fedora release of 11 and 12. This issue does NOT affect the versions of the qt package, as shipped with Fedora release of 11 and 12.