Bug 875408 - VUL-0: chromium: multiple security issues before 34.0.1847.132
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.1
Priority: P3 - Medium, Severity: Normal
Assigned To: Raymond Wooninck
QA Contact: Security Team bot
Whiteboard: CVSSv2:NVD:CVE-2014-1731:7.5:(AV:N/AC...
Reported: 2014-04-28 08:17 UTC by Alexander Bergmann
Modified: 2016-04-27 19:59 UTC (History)
Description Alexander Bergmann 2014-04-28 08:17:04 UTC
The following security issues have been discovered in chromium for Linux before 34.0.1847.132.

CVE-2014-1730:
http://www.cvedetails.com/cve/CVE-2014-1730
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. 

CVE-2014-1731:
http://www.cvedetails.com/cve/CVE-2014-1731 
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. 

CVE-2014-1732:
http://www.cvedetails.com/cve/CVE-2014-1732 
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. 

CVE-2014-1733:
http://www.cvedetails.com/cve/CVE-2014-1733 
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. 

CVE-2014-1734:
http://www.cvedetails.com/cve/CVE-2014-1734
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 

CVE-2014-1735:
http://www.cvedetails.com/cve/CVE-2014-1735
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Comment 1 Swamp Workflow Management 2014-04-28 22:00:20 UTC
bugbot adjusting priority
Comment 2 Alexander Bergmann 2014-05-02 15:40:12 UTC
Official reference from googlechromereleases blog:

http://googlechromereleases.blogspot.de/2014/04/stable-channel-update_24.html

[354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[359802] High CVE-2014-1736: Integer overflow in V8.  Credit to SkyLined working with HP's Zero Day Initiative
[352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis 

[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.


Please submit for openSUSE 12.3 and 13.1.
Comment 3 Raymond Wooninck 2014-05-06 18:38:36 UTC
Updates submitted for openSUSE 12.3 and 13.1
Comment 4 Bernhard Wiedemann 2014-05-06 19:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (875408) was mentioned in
https://build.opensuse.org/request/show/232875 12.3 / chromium
https://build.opensuse.org/request/show/232876 13.1 / chromium
Comment 5 Marcus Meissner 2014-05-23 07:19:30 UTC
I think this was done.