chromium -- multiple vulnerabilities

ID D2BBCC01-4EC3-11E4-AB3F-00262D5ED8EE
Type freebsd
Reporter FreeBSD
Modified 2014-10-07T00:00:00


Google Chrome Releases reports:

159 security fixes in this release, including 113 found using MemorySanitizer:

[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.
[402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
[399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
[403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
[338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
[395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
[420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently