Summary: | <www-client/chromium-35.0.1916.114-r1: Multiple Vulnerabilities (CVE-2014-{1743,1744,1745,1746,1747,1748,1749}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | chromium |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/58811/ | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-05-21 08:15:09 UTC

Yes, please proceed with stabilization on amd64 and x86.

=www-client/chromium-35.0.1916.114-r1

amd64 stable

CVE-2014-1749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749): Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1748 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748): The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

CVE-2014-1747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747): Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

CVE-2014-1746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746): The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

CVE-2014-1745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745): Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

CVE-2014-1744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744): Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

CVE-2014-1743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743): Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

x86 stable.

added to existing glsa draft.

@maintainers, cleanup, please

Cleanup done.

This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).