Bugzilla – Bug 875408
VUL-0: chromium: multiple security issues before 34.0.1847.132
Last modified: 2016-04-27 19:59:08 UTC
The following security issues have been discovered in chromium for Linux before 34.0.1847.132.

CVE-2014-1730: http://www.cvedetails.com/cve/CVE-2014-1730
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

CVE-2014-1731: http://www.cvedetails.com/cve/CVE-2014-1731
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

CVE-2014-1732: http://www.cvedetails.com/cve/CVE-2014-1732
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.

CVE-2014-1733: http://www.cvedetails.com/cve/CVE-2014-1733
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.

CVE-2014-1734: http://www.cvedetails.com/cve/CVE-2014-1734
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-1735: http://www.cvedetails.com/cve/CVE-2014-1735
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
bugbot adjusting priority
Official reference from googlechromereleases blog:
http://googlechromereleases.blogspot.de/2014/04/stable-channel-update_24.html

[354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[359802] High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative
[352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis
[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

Please submit for openSUSE 12.3 and 13.1.
Updates submitted for openSUSE 12.3 and 13.1
This is an autogenerated message for OBS integration:
This bug (875408) was mentioned in
https://build.opensuse.org/request/show/232875 12.3 / chromium
https://build.opensuse.org/request/show/232876 13.1 / chromium
I think this was done.