Bug 510904 (CVE-2014-1743) - <www-client/chromium-35.0.1916.114-r1: Multiple Vulnerabilities (CVE-2014-{1743,1744,1745,1746,1747,1748,1749})
Status: RESOLVED FIXED
Alias: CVE-2014-1743
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/58811/
Whiteboard: A2 [glsa]
Reported: 2014-05-21 08:15 UTC by Agostino Sarubbo
Modified: 2014-09-02 07:58 UTC
Description Agostino Sarubbo gentoo-dev 2014-05-21 08:15:09 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in Google Chrome, where multiple have an unknown impact and the others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system.

1) A use-after-free error exists within styles.

2) An integer overflow error exists within audio.

3) A use-after-free error exists within SVG.

4) An error within media filters can be exploited to cause an out-of-bounds read access.

5) An error related to a local MHTML file can be exploited to conduct cross-site scripting attacks.

6) An error related to scroll bars can be exploited to spoof the UI.

7) Multiple unspecified errors exist.

8) An integer overflow error exists in v8.

The vulnerabilities are reported in versions prior to 35.0.1916.114.


Solution:
Upgrade to version 35.0.1916.114.

Provided and/or discovered by:
7, 8) Reported by the vendor

The vendor credits:
1) cloudfuzzer
2) Aaron Staple
3) Atte Kettunen, OUSPG
4) Holger Fuhrmannek
5) packagesu
6) Jordan Milne

Original Advisory:
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html


@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2014-05-21 14:43:25 UTC
Yes, please proceed with stabilization on amd64 and x86.

=www-client/chromium-35.0.1916.114-r1
Comment 2 Richard Freeman gentoo-dev 2014-05-21 20:50:30 UTC
amd64 stable
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-05-23 09:35:44 UTC
CVE-2014-1749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749):
  Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114
  allow attackers to cause a denial of service or possibly have other impact
  via unknown vectors.

CVE-2014-1748 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748):
  The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink,
  as used in Google Chrome before 35.0.1916.114, allows remote attackers to
  spoof the UI by extending scrollbar painting into the parent frame.

CVE-2014-1747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747):
  Cross-site scripting (XSS) vulnerability in the
  DocumentLoader::maybeCreateArchive function in
  core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before
  35.0.1916.114, allows remote attackers to inject arbitrary web script or
  HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

CVE-2014-1746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746):
  The InMemoryUrlProtocol::Read function in
  media/filters/in_memory_url_protocol.cc in Google Chrome before
  35.0.1916.114 relies on an insufficiently large integer data type, which
  allows remote attackers to cause a denial of service (out-of-bounds read)
  via vectors that trigger use of a large buffer.

CVE-2014-1745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745):
  Use-after-free vulnerability in the SVG implementation in Blink, as used in
  Google Chrome before 35.0.1916.114, allows remote attackers to cause a
  denial of service or possibly have unspecified other impact via vectors that
  trigger removal of an SVGFontFaceElement object, related to
  core/svg/SVGFontFaceElement.cpp.

CVE-2014-1744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744):
  Integer overflow in the AudioInputRendererHost::OnCreateStream function in
  content/browser/renderer_host/media/audio_input_renderer_host.cc in Google
  Chrome before 35.0.1916.114 allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors that trigger a
  large shared-memory allocation.

CVE-2014-1743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743):
  Use-after-free vulnerability in the StyleElement::removedFromDocument
  function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome
  before 35.0.1916.114, allows remote attackers to cause a denial of service
  (application crash) or possibly have unspecified other impact via crafted
  JavaScript code that triggers tree mutation.
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-05-23 09:37:54 UTC
x86 stable. Added to existing GLSA draft.

@maintainers, cleanup, please
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-05-24 10:34:39 UTC
Cleanup done.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-09-02 07:58:50 UTC
This issue was resolved and addressed in
 GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).