Arch Linux: ASA-201411-26
Nov 20, 2014 - 12:00 a.m.

chromium: multiple issues

2014-11-20 00:00:00
Arch Linux
lists.archlinux.org

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.096 Low (Percentile: 94.2%)

  • CVE-2014-7899 (address bar spoofing)
    A flaw allows remote attackers to spoof the address bar by placing a
    blob: substring at the beginning of the URL, followed by the original
    URI scheme and a long username string.

  • CVE-2014-7900 (use-after-free)
    Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile
    function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows
    remote attackers to cause a denial of service or possibly have
    unspecified other impact via a crafted PDF document.

  • CVE-2014-7901 (integer overflow)
    Integer overflow in the opj_t2_read_packet_data function in
    fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows
    remote attackers to cause a denial of service or possibly have
    unspecified other impact via a long segment in a JPEG image.

  • CVE-2014-7902 (use-after-free)
    Use-after-free vulnerability in PDFium allows remote attackers to cause
    a denial of service or possibly have unspecified other impact via a
    crafted PDF document.

  • CVE-2014-7903 (buffer overflow)
    Buffer overflow in OpenJPEG before r2911 in PDFium allows remote
    attackers to cause a denial of service or possibly have unspecified
    other impact via a crafted JPEG image.

  • CVE-2014-7904 (buffer overflow)
    Buffer overflow in Skia allows remote attackers to cause a denial of
    service or possibly have unspecified other impact via unknown vectors.

  • CVE-2014-7906 (use-after-free)
    Use-after-free vulnerability in the Pepper plugins allows remote
    attackers to cause a denial of service or possibly have unspecified
    other impact via crafted Flash content that triggers an attempted
    PepperMediaDeviceManager access outside of the object’s lifetime.

  • CVE-2014-7907 (use-after-free)
    Multiple use-after-free vulnerabilities in
    modules/screen_orientation/ScreenOrientationController.cpp in Blink
    allow remote attackers to cause a denial of service or possibly have
    unspecified other impact via vectors that trigger improper handling of a
    detached frame, related to the (1) lock and (2) unlock methods.

  • CVE-2014-7908 (integer overflow)
    Multiple integer overflows in the CheckMov function in
    media/base/container_names.cc allow remote attackers to cause a denial
    of service or possibly have unspecified other impact via a large atom in
    (1) MPEG-4 or (2) QuickTime .mov data.

  • CVE-2014-7909 (uninitialized memory read)
    A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using
    uninitialized integer values, which might allow remote attackers to
    cause a denial of service by rendering crafted data.

  • CVE-2014-7910 (various issues)
    Various issues from internal audits, fuzzing and other initiatives that
    allow attackers to cause a denial of service or possibly have other impact.

OS   Version  Architecture  Package   Version           Filename
any  any      any           chromium  < 39.0.2171.65-1  UNKNOWN
