From ${URL} :

Description

Multiple vulnerabilities have been reported in Google Chrome, where multiple have an unknown impact and the others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and compromise a user's system.

1) A use-after-free error exists within styles.
2) An integer overflow error exists within audio.
3) A use-after-free error exists within SVG.
4) An error within media filters can be exploited to cause an out-of-bounds read access.
5) An error related to a local MHTML file can be exploited to conduct cross-site scripting attacks.
6) An error related to scroll bars can be exploited to spoof the UI.
7) Multiple unspecified errors exist.
8) An integer overflow error exists in v8.

The vulnerabilities are reported in versions prior to 35.0.1916.114.

Solution: Upgrade to version 35.0.1916.114.

Provided and/or discovered by:
7, 8) Reported by the vendor

The vendor credits:
1) cloudfuzzer
2) Aaron Staple
3) Atte Kettunen, OUSPG
4) Holger Fuhrmannek
5) packagesu
6) Jordan Milne

Original Advisory: http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Yes, please proceed with stabilization on amd64 and x86. =www-client/chromium-35.0.1916.114-r1
amd64 stable
CVE-2014-1749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749): Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1748 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748): The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

CVE-2014-1747 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747): Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

CVE-2014-1746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746): The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

CVE-2014-1745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745): Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

CVE-2014-1744 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744): Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

CVE-2014-1743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743): Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.
x86 stable. Added to existing GLSA draft. @maintainers, cleanup, please.
Cleanup done.
This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).