Security Information / 2014 / Security Information -- DSA-2862-1 chromium-browser

Debian Security Advisory

DSA-2862-1 chromium-browser -- several vulnerabilities

Date Reported:

16 Feb 2014

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-6641, CVE-2013-6643, CVE-2013-6644, CVE-2013-6645, CVE-2013-6646, CVE-2013-6649, CVE-2013-6650.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2013-6641

  Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements.

• CVE-2013-6643

  Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on feature.

• CVE-2013-6644

  The chrome development team discovered and fixed multiple issues with potential security impact.

• CVE-2013-6645

  Khalil Zhani discovered a use-after-free issue related to speech input.

• CVE-2013-6646

  Colin Payne discovered a use-after-free issue in the web workers implementation.

• CVE-2013-6649

  Atte Kettunen discovered a use-after-free issue in the Blink/Webkit SVG implementation.

• CVE-2013-6650

  Christian Holler discovered a memory corruption in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 32.0.1700.123-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 32.0.1700.123-1.

We recommend that you upgrade your chromium-browser packages.