Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to some unspecified errors and can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 31.0.1650.57 running on Windows, Mac, Linux, and Chrome Frame. Solution: Update to version 31.0.1650.57.
I am still waiting for a source tarball to be posted upstream.
Ok, I rolled my own tarball. Please stabilize on amd64 and x86. =www-client/chromium-31.0.1650.57
amd64 stable x86 stable Security please file the request.
CVE-2013-6802 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802): Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. CVE-2013-6632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632): Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
Added to existing GLSA Draft
This issue was resolved and addressed in GLSA 201403-01 at http://security.gentoo.org/glsa/glsa-201403-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).
