The google-chrome installed is google-chrome-35.0.1916.153_p1, which comes with adobe-flash 14.0.0.125, which is affected by the vulnerabilities CVE-2014-0537, CVE-2014-0539 and CVE-2014-4671 plus a number of older vulnerabilities. These vulnerabilities are fixed in adobe-flash pepper 14.0.0.145 (notice that current stable google-chrome for Linux comes with only version 14.0.0.125).

NOTE: The current way of releasing google-chrome ain't optimal; there should be a plugin package which keeps the plugins up to date, as the automatic update does not work in the Linux version.

Reproducible: Always
This will be resolved once Google cuts a new release on Linux. Nothing we can do until then.
(In reply to Mike Gilbert from comment #1)
> This will be resolved once Google cuts a new release on Linux. Nothing we
> can do until then.

Would it make sense to strip the plugins out of the chrome install, and instead use chrome-binary-plugins? I think that the plugins ship a more recent version of flash.
chrome-binary-plugins uses exactly the same deb files as google-chrome.
(In reply to Mike Gilbert from comment #3)
> chrome-binary-plugins uses exactly the same deb files as google-chrome.

The beta plugins ship the new version. Would it work with the stable browser? If not then I agree our hands are tied here. I imagine Google would be acting on this soon in any case...
(In reply to Richard Freeman from comment #4)
> The beta plugins ship the new version. Would it work with the stable
> browser?

Interesting. It might work, but I have not tested it. And to be honest, I would prefer to let Google complete their QA process rather than hacking it into the "stable" ebuild ourselves.
www-client/google-chrome-36.0.1985.125_p1 has the updated version of flash included.
@security: This bug should really be closed. There is nothing for anybody to do here.
(In reply to Mike Gilbert from comment #7)
> @security: This bug should really be closed. There is nothing for anybody to
> do here.

Meaning that google chrome no longer ships a vulnerable version, or the package shipping it is removed from the tree or package.masked? Since which version has the issue been fixed? Have old versions containing vulnerable binary been cleaned up?
(In reply to Kristian Fiskerstrand from comment #8)
> Meaning that google chrome no longer ships a vulnerable version, or the
> package shipping it is removed from the tree or package.masked? Since which
> version has the issue been fixed? Have old versions containing vulnerable
> binary been cleaned up?

The vulnerable versions have been gone from the tree for several months. See comment 6. Also, google-chrome is never marked stable, so we usually don't do the whole security bug song-and-dance.