Security Information / 2014 / Security Information -- DSA-2920-1 chromium-browser

Debian Security Advisory

DSA-2920-1 chromium-browser -- security update

Date Reported:

03 May 2014

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-1730, CVE-2014-1731, CVE-2014-1732, CVE-2014-1733, CVE-2014-1734, CVE-2014-1735, CVE-2014-1736.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2014-1730

  A type confusion issue was discovered in the v8 javascript library.

• CVE-2014-1731

  John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation.

• CVE-2014-1732

  Khalil Zhani discovered a use-after-free issue in the speech recognition feature.

• CVE-2014-1733

  Jed Davis discovered a way to bypass the seccomp-bpf sandbox.

• CVE-2014-1734

  The Google Chrome development team discovered and fixed multiple issues with potential security impact.

• CVE-2014-1735

  The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library.

• CVE-2014-1736

  SkyLined discovered an integer overlflow issue in the v8 javascript library.

For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1.

We recommend that you upgrade your chromium-browser packages.