Bug 508788 (CVE-2014-1730) - <www-client/chromium-34.0.1847.132 : Multiple Vulnerabilities (CVE-2014-{1730,1731,1732,1733,1734,1735})
Summary: <www-client/chromium-34.0.1847.132 : Multiple Vulnerabilities (CVE-2014-{1730...
Status: RESOLVED FIXED
Alias: CVE-2014-1730
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A3 [glsa]
 
Reported: 2014-04-26 14:21 UTC by Agostino Sarubbo
Modified: 2014-09-02 07:58 UTC

Description Agostino Sarubbo gentoo-dev 2014-04-26 14:21:39 UTC
From ${URL} :

The Stable Channel has been updated to 34.0.1847.131 for Windows, Mac, and 34.0.1847.132 for Linux.

This release also contains a Flash Player update, to version 13.0.0.206.

Security Fixes and Rewards
This update includes 9 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.

[$5000][354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[$1500][349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[$1000][352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani.
[$500][351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to jln@panix.org.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2014-04-26 15:02:28 UTC
Yeah, let's go ahead and stabilize www-client/chromium-34.0.1847.132.
Comment 2 Richard Freeman gentoo-dev 2014-04-26 16:28:20 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-04-27 09:09:52 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 11:48:12 UTC
CVE-2014-1730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730):
  Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X
  and before 34.0.1847.132 on Linux, does not properly store
  internationalization metadata, which allows remote attackers to bypass
  intended access restrictions by leveraging "type confusion" and reading
  property values, related to i18n.js and runtime.cc.
Comment 5 Sergey Popov gentoo-dev 2014-04-28 11:49:59 UTC
Thanks, guys. Added to the existing GLSA draft.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-04-29 21:37:11 UTC
CVE-2014-1735 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735):
  Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used
  in Google Chrome before 34.0.1847.131 on Windows and OS X and before
  34.0.1847.132 on Linux, allow attackers to cause a denial of service or
  possibly have other impact via unknown vectors.

CVE-2014-1734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734):
  Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131
  on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to
  cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733):
  The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google
  Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on
  Linux, does not properly merge blocks, which might allow remote attackers to
  bypass intended sandbox restrictions by leveraging renderer access.

CVE-2014-1732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732):
  Use-after-free vulnerability in
  browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before
  34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via an INPUT element that triggers the presence of a Speech
  Recognition Bubble window for an incorrect duration.

CVE-2014-1731 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731):
  core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used
  in Google Chrome before 34.0.1847.131 on Windows and OS X and before
  34.0.1847.132 on Linux, does not properly check renderer state upon a focus
  event, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors that leverage "type
  confusion" for SELECT elements.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-09-02 07:58:34 UTC
This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).