| Summary: | <www-client/chromium-33.0.1750.149 : Multiple Vulnerabilities (CVE-2014-{1700,1701,1702,1703,1704}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | chromium, hanno |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/57164/ | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-12 15:59:31 UTC
Please go ahead and stabilize. =www-client/chromium-33.0.1750.149

amd64 stable

You might want to CC x86

34.x and 35.x are probably also affected (?). Upstream release notes don't tell and bugs are not public yet.

(In reply to Hanno Boeck from comment #3) Google never discloses that information for the beta and dev channel releases, and we have never worried about warning ~arch users about it.

@Mike Gilbert: Probably bumping to the latest 34.x/35.x versions will do.

(In reply to Hanno Boeck from comment #5) Right, we do that anyway, regardless of security bugs.

x86: We can skip this in favor of bug 504890.

Added to existing GLSA draft

CVE-2014-1704 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704): Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703): Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.

CVE-2014-1702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702): Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.

CVE-2014-1701 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701): The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.

CVE-2014-1700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700): Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.

This issue was resolved and addressed in GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml by GLSA coordinator Kristian Fiskerstrand (K_F).