Debian: DSA-2883-1: chromium-browser security update

    Date: 23 Mar 2014
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-2883-1
    http://www.debian.org/security/                           Michael Gilbert
    March 23, 2014                         http://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 
                     CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660
                     CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665
                     CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700
                     CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704
                     CVE-2014-1705 CVE-2014-1713 CVE-2014-1715
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2013-6653
    
        Khalil Zhani discovered a use-after-free issue in chromium's web
        contents color chooser.
    
    CVE-2013-6654
    
        TheShow3511 discovered an issue in SVG handling.
    
    CVE-2013-6655
    
        cloudfuzzer discovered a use-after-free issue in DOM event handling.
    
    CVE-2013-6656
    
        NeexEmil discovered an information leak in the XSS auditor.
    
    CVE-2013-6657
    
        NeexEmil discovered a way to bypass the Same Origin policy in the
        XSS auditor.
    
    CVE-2013-6658
    
        cloudfuzzer discovered multiple use-after-free issues surrounding
        the updateWidgetPositions function.
    
    CVE-2013-6659
    
        Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
        it was possible to trigger an unexpected certificate chain during
        TLS renegotiation.
    
    CVE-2013-6660
    
        bishopjeffreys discovered an information leak in the drag and drop
        implementation.
    
    CVE-2013-6661
    
        The Google Chrome team discovered and fixed multiple issues in
        version 33.0.1750.117.
    
    CVE-2013-6663
    
        Atte Kettunen discovered a use-after-free issue in SVG handling.
    
    CVE-2013-6664
    
        Khalil Zhani discovered a use-after-free issue in the speech
        recognition feature.
    
    CVE-2013-6665
    
        cloudfuzzer discovered a buffer overflow issue in the software
        renderer.
    
    CVE-2013-6666
    
        netfuzzer discovered a restriction bypass in the Pepper Flash
        plugin.
    
    CVE-2013-6667
    
        The Google Chrome team discovered and fixed multiple issues in
        version 33.0.1750.146.
    
    CVE-2013-6668
    
        Multiple vulnerabilities were fixed in version 3.24.35.10 of
        the V8 JavaScript library.
    
    CVE-2014-1700
    
        Chamal de Silva discovered a use-after-free issue in speech
        synthesis.
    
    CVE-2014-1701
    
        aidanhs discovered a cross-site scripting issue in event handling.
    
    CVE-2014-1702
    
        Colin Payne discovered a use-after-free issue in the web database
        implementation.
    
    CVE-2014-1703
    
        VUPEN discovered a use-after-free issue in web sockets that
        could lead to a sandbox escape.
    
    CVE-2014-1704
    
        Multiple vulnerabilities were fixed in version 3.23.17.18 of
        the V8 JavaScript library.
    
    CVE-2014-1705
    
        A memory corruption issue was discovered in the V8 JavaScript
        library.
    
    CVE-2014-1713
    
        A use-after-free issue was discovered in the AttributeSetter
        function.
    
    CVE-2014-1715
    
        A directory traversal issue was found and fixed.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 33.0.1750.152-1~deb7u1.
    
    For the testing distribution (jessie), these problems will be fixed soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 33.0.1750.152-1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/
    