Bugzilla – Bug 866959
VUL-0: chromium stable release 33.0.1750.146
Last modified: 2015-02-19 02:20:21 UTC
via cve db
Stable Channel Update
The Stable Channel has been updated to 33.0.1750.146 for Windows, Mac, and Linux.
Security Fixes and Rewards
This update includes 19 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
[$1000] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG.
[$500] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani.
[$2000] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer.
 Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr.
As usual, our ongoing internal security work responsible for a wide range of fixes:
 CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives.
[343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 126.96.36.199.
Many of the above bugs were detected using AddressSanitizer.
This release fixes a number of crashes and other bugs. A full list of changes is available in the SVN log. If you find a new issue, please let us know by filing a bug.
bugbot adjusting priority
I got a newer one :) Chromium 33.0.1750.152, which also resolves the following
* CVE-2014-1713: Use-after-free in Blink bindings
* CVE-2014-1714: Windows clipboard vulnerability
* CVE-2014-1705: Memory corruption in V8
* CVE-2014-1715: Directory traversal issue
and the ones from 33.0.1750.149
* CVE-2014-1700: Use-after-free in speech
* CVE-2014-1701: UXSS in events
* CVE-2014-1702: Use-after-free in web database
* CVE-2014-1703: Potential sandbox escape due to a
use-after-free in web sockets
* CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
This version is now submitted with maintenance requests 227543 for 12.3 and 227544 for 13.1
accepted as maintenance update
openSUSE-SU-2014:0501-1: An update that fixes 9 vulnerabilities is now available.
Category: security (important)
Bug References: 866959
CVE References: CVE-2014-1700,CVE-2014-1701,CVE-2014-1702,CVE-2014-1703,CVE-2014-1704,CVE-2014-1705,CVE-2014-1713,CVE-2014-1714,CVE-2014-1715
openSUSE 13.1 (src): chromium-33.0.1750.152-25.2
openSUSE 12.3 (src): chromium-33.0.1750.152-1.33.2