From ${URL} : Description Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) The application bundles a vulnerable version of the Adobe Flash Player. For more information: SA58465 2) A use-after-free error exists in filesystem api. 3) An error within SPDY can be exploited to cause an out-of-bounds read access. 4) An error within clipboard can be exploited to cause a buffer overflow. 5) An error within media can be exploited to cause a heap-based buffer overflow. Successful exploitation of vulnerabilities #2, #4, and #5 may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 35.0.1916.153. Solution: Update to version 35.0.1916.153. Provided and/or discovered by: 5) Reported by the vendor. The vendor credits: 2) Collin Payne. 3) James March, Daniel Sommermann, and Alan Frindell, Facebook. 4) Atte Kettunen, OUSPG. Original Advisory: http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Please stabilize. =www-client/chromium-35.0.1916.153
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2014-3157 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157): Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. CVE-2014-3156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156): Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc. CVE-2014-3155 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155): net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. CVE-2014-3154 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154): Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.
Arches and Mainter(s), Thank you for your work. Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).