chromium-browser - security update

2014-05-1700:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilties have been discovered in the chromium web browser.

CVE-2014-1740
Collin Payne discovered a use-after-free issue in chromium’s
WebSockets implementation.
CVE-2014-1741
John Butler discovered multiple integer overflow issues in the
Blink/Webkit document object model implementation.
CVE-2014-1742
cloudfuzzer discovered a use-after-free issue in the Blink/Webkit
text editing feature.

For the stable distribution (wheezy), these problems have been fixed in
version 34.0.1847.137-1~deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 34.0.1847.137-1.

We recommend that you upgrade your chromium-browser packages.

CPENameOperatorVersion
chromium-browsereq33.0.1750.152-1
chromium-browsereq31.0.1650.57-1
chromium-browsereq27.0.1453.93-1
chromium-browsereq29.0.1547.57-3
chromium-browsereq31.0.1650.57-1~deb7u1
chromium-browsereq29.0.1547.57-2
chromium-browsereq34.0.1847.116-1~deb7u1
chromium-browsereq34.0.1847.116-2
chromium-browsereq28.0.1500.95-2
chromium-browsereq27.0.1453.93-1~deb7u1

Name	Operator	Version
chromium-browser	eq	33.0.1750.152-1
chromium-browser	eq	31.0.1650.57-1
chromium-browser	eq	27.0.1453.93-1
chromium-browser	eq	29.0.1547.57-3
chromium-browser	eq	31.0.1650.57-1~deb7u1
chromium-browser	eq	29.0.1547.57-2
chromium-browser	eq	34.0.1847.116-1~deb7u1
chromium-browser	eq	34.0.1847.116-2
chromium-browser	eq	28.0.1500.95-2
chromium-browser	eq	27.0.1453.93-1~deb7u1