Debian Security Advisory
DSA-2939-1 chromium-browser -- security update
- Date Reported:
- 31 May 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-1743, CVE-2014-1744, CVE-2014-1745, CVE-2014-1746, CVE-2014-1747, CVE-2014-1748, CVE-2014-1749, CVE-2014-3152.
- More information:
Several vulnerabilities were discovered in the chromium web browser.
cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation.
Aaron Staple discovered an integer overflow issue in audio input handling.
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation.
Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media.
packagesu discovered a cross-site scripting issue involving malformed MHTML files.
Jordan Milne discovered a user interface spoofing issue.
The Google Chrome development team discovered and fixed multiple issues with potential security impact.
For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.114-1~deb7u2.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 35.0.1916.114-1.
We recommend that you upgrade your chromium-browser packages.