Debian Security Advisory
DSA-2920-1 chromium-browser -- security update
- Date Reported:
- 03 May 2014
- Affected Packages:
- chromium-browser
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-1730, CVE-2014-1731, CVE-2014-1732, CVE-2014-1733, CVE-2014-1734, CVE-2014-1735, CVE-2014-1736.
- More information:
-
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2014-1730
A type confusion issue was discovered in the v8 javascript library.
- CVE-2014-1731
John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation.
- CVE-2014-1732
Khalil Zhani discovered a use-after-free issue in the speech recognition feature.
- CVE-2014-1733
Jed Davis discovered a way to bypass the seccomp-bpf sandbox.
- CVE-2014-1734
The Google Chrome development team discovered and fixed multiple issues with potential security impact.
- CVE-2014-1735
The Google Chrome development team discovered and fixed multiple issues in version 3.24.35.33 of the v8 javascript library.
- CVE-2014-1736
SkyLined discovered an integer overlflow issue in the v8 javascript library.
For the stable distribution (wheezy), these problems have been fixed in version 34.0.1847.132-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 34.0.1847.132-1.
We recommend that you upgrade your chromium-browser packages.
- CVE-2014-1730