Release notes in URL.
Please stabilize on amd64 and x86. =www-client/chromium-31.0.1650.63
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2013-6640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640): The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.

CVE-2013-6639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639): The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.

CVE-2013-6638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638): Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.

CVE-2013-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637): Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2013-6636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636): The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

CVE-2013-6635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635): Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.

CVE-2013-6634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634): The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
Cleanup was done, adding to existing GLSA request
This issue was resolved and addressed in GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).