From ${URL} : Description Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) A use-after-free error exists within web workers. 2) A use-after-free error exists related to forms. 3) An unspecified error can be exploited to spoof the address bar. 4) An error related to an unprompted sync with a Google account can be exploited to bypass certain security restrictions. 5) A use-after-free error exists related to speech input elements. 6) Multiple unspecified errors exist. Successful exploitation of the vulnerabilities #1, #2, #5, and #6 may allow execution of arbitrary code. The vulnerabilities are reported in the following products and versions: * Google Chrome for Windows and Chrome Frame prior to version 32.0.1700.76. * Google Chrome for Mac and Linux prior to version 32.0.1700.77. Solution: Upgrade to a fixed version. Further details available to Secunia VIM customers Provided and/or discovered by: 6) Reported by the vendor. The vendor credits: 1) Collin Payne. 2) Atte Kettunen of OUSPG. 3) lpilorz. 4) Joao Lucas Melo Brasio. 5) Khalil Zhani. Original Advisory: http://googlechromereleases.blogspot.com/2014/01/stable-channel-update.html @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Still waiting for upstream to post a source tarball.
www-client/chromium-32.0.1700.77 is now in the tree and should be stabilized.
Arches, please test and mark stable: =www-client/chromium-32.0.1700.77 Target Keywords : "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Maintainer(s), please drop the vulnerable version(s). Added to exiting GLSA Draft.
They have been gone since 17 Jan 2014.
CVE-2013-6646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646): Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. CVE-2013-6645 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645): Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. CVE-2013-6644 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644): Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2013-6643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643): The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. CVE-2013-6641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641): Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.
This issue was resolved and addressed in GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).
