Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 508788 (CVE-2014-1730) - <www-client/chromium-34.0.1847.132 : Multiple Vulnerabilities (CVE-2014-{1730,1731,1732,1733,1734,1735})
Summary: <www-client/chromium-34.0.1847.132 : Multiple Vulnerabilities (CVE-2014-{1730...
Status: RESOLVED FIXED
Alias: CVE-2014-1730
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://googlechromereleases.blogspot....
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-26 14:21 UTC by Agostino Sarubbo
Modified: 2014-09-02 07:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-04-26 14:21:39 UTC
From ${URL} :

The Stable Channel has been updated to 34.0.1847.131 for Windows, Mac, and 34.0.1847.132 for Linux.

This release also contains a Flash Player update, to version 13.0.0.206.

Security Fixes and Rewards
This update includes 9 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium 
security page for more information. 

[$5000][354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[$1500][349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[$1000][352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
[$500][351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to jln@panix.org

As usual, our ongoing internal security work responsible for a wide range of fixes:
[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.


@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Mike Gilbert gentoo-dev 2014-04-26 15:02:28 UTC
Yeah, let's go ahead and stabilize www-client/chromium-34.0.1847.132.
Comment 2 Richard Freeman gentoo-dev 2014-04-26 16:28:20 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-04-27 09:09:52 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-04-28 11:48:12 UTC
CVE-2014-1730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730):
  Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X
  and before 34.0.1847.132 on Linux, does not properly store
  internationalization metadata, which allows remote attackers to bypass
  intended access restrictions by leveraging "type confusion" and reading
  property values, related to i18n.js and runtime.cc.
Comment 5 Sergey Popov gentoo-dev Security 2014-04-28 11:49:59 UTC
Thanks, guys. Added to existing GLSA draft
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-04-29 21:37:11 UTC
CVE-2014-1735 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735):
  Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used
  in Google Chrome before 34.0.1847.131 on Windows and OS X and before
  34.0.1847.132 on Linux, allow attackers to cause a denial of service or
  possibly have other impact via unknown vectors.

CVE-2014-1734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734):
  Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131
  on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to
  cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733):
  The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google
  Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on
  Linux, does not properly merge blocks, which might allow remote attackers to
  bypass intended sandbox restrictions by leveraging renderer access.

CVE-2014-1732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732):
  Use-after-free vulnerability in
  browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before
  34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows
  remote attackers to cause a denial of service or possibly have unspecified
  other impact via an INPUT element that triggers the presence of a Speech
  Recognition Bubble window for an incorrect duration.

CVE-2014-1731 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731):
  core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used
  in Google Chrome before 34.0.1847.131 on Windows and OS X and before
  34.0.1847.132 on Linux, does not properly check renderer state upon a focus
  event, which allows remote attackers to cause a denial of service or
  possibly have unspecified other impact via vectors that leverage "type
  confusion" for SELECT elements.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-09-02 07:58:34 UTC
This issue was resolved and addressed in
 GLSA 201408-16 at http://security.gentoo.org/glsa/glsa-201408-16.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).