http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html

openSUSE-SU-2014:0601

GLSA-201408-16

DSA-2905

https://code.google.com/p/chromium/issues/detail?id=353004

https://code.google.com/p/v8/source/detail?r=20020

The remote host is affected by the vulnerability described in GLSA-201408-16 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could conduct a number of attacks which include: cross       site scripting attacks, bypassing of sandbox protection,  potential       execution of arbitrary code with the privileges of the process, or cause       a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This chromium version update fixes the following security and non-security issues :

  - Add patch chromium-fix-arm-skia-memset.patch to resolve     a linking issue on ARM with regards to missing symbols.

  - Add patch arm_use_gold.patch to use the right gold     binaries on ARM. Hopefully this resolves the build     issues with running out of memory

  - bnc#872805: Update to Chromium 34.0.1847.116

  - Responsive Images and Unprefixed Web Audio

  - Import supervised users onto new computers

  - A number of new apps/extension APIs 

  - Lots of under the hood changes for stability and     performance 

  - Security fixes :

  - CVE-2014-1716: UXSS in V8

  - CVE-2014-1717: OOB access in V8

  - CVE-2014-1718: Integer overflow in compositor

  - CVE-2014-1719: Use-after-free in web workers

  - CVE-2014-1720: Use-after-free in DOM

  - CVE-2014-1721: Memory corruption in V8

  - CVE-2014-1722: Use-after-free in rendering

  - CVE-2014-1723: Url confusion with RTL characters

  - CVE-2014-1724: Use-after-free in speech

  - CVE-2014-1725: OOB read with window property

  - CVE-2014-1726: Local cross-origin bypass

  - CVE-2014-1727: Use-after-free in forms

  - CVE-2014-1728: Various fixes from internal audits,     fuzzing and other initiatives

  - CVE-2014-1729: Multiple vulnerabilities in V8 

  - No longer build against system libraries as that     Chromium works a lot better and crashes less on websites     than with system libs

  - Added package depot_tools.tar.gz as that the chromium     build now requires it during the initial build phase. It     just contains some utilities and nothing from it is     being installed.

  - If people want to install newer versions of the ffmpeg     library then let them. This is what they want.

  - Remove the buildscript from the sources

Several vulnerabilities were discovered in the chromium web browser.

  - CVE-2014-1716     A cross-site scripting issue was discovered in the v8     JavaScript library.

  - CVE-2014-1717     An out-of-bounds read issue was discovered in the v8     JavaScript library.

  - CVE-2014-1718     Aaron Staple discovered an integer overflow issue in     chromium's software compositor.

  - CVE-2014-1719     Colin Payne discovered a use-after-free issue in the web     workers implementation.

  - CVE-2014-1720     cloudfuzzer discovered a use-after-free issue in the     Blink/Webkit document object model implementation.

  - CVE-2014-1721     Christian Holler discovered a memory corruption issue in     the v8 JavaScript library.

  - CVE-2014-1722     miaubiz discovered a use-after-free issue in block     rendering.

  - CVE-2014-1723     George McBay discovered a url spoofing issue. 

  - CVE-2014-1724     Atte Kettunen discovered a use-after-free issue in     freebsoft's libspeechd library.

  Because of this issue, the text-to-speech feature is now disabled by   default ('--enable-speech-dispatcher' at the command-line can   re-enable it).

  - CVE-2014-1725     An out-of-bounds read was discovered in the base64     implementation.

  - CVE-2014-1726     Jann Horn discovered a way to bypass the same origin     policy. 

  - CVE-2014-1727     Khalil Zhani discovered a use-after-free issue in the     web color chooser implementation.

  - CVE-2014-1728     The Google Chrome development team discovered and fixed     multiple issues with potential security impact.

  - CVE-2014-1729     The Google Chrome development team discovered and fixed     multiple issues in version 3.24.35.22 of the v8     JavaScript library.

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities :

  - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)
 - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)
 - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)
 - A flaw exists related to IPC message injection. Combined with another vulnerability that allows compromising a renderer, a context-dependent attacker can bypass sandbox restrictions. (2014-1709)
 - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)
 - An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)
 - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)
 - An integer overflow error exists related to the compositor. (CVE-2014-1718)
 - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)
 - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)
 - An URL confusion error exists related to handling RTL characters. (CVE-2014-1723)
 - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)
 - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)
 - Various, unspecified memory handling errors exist. (CVE-2014-1728)
 - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)

Google Chrome Releases reports :

31 vulnerabilities fixed in this release, including :

- [354123] High CVE-2014-1716: UXSS in V8. Credit to Anonymous.

- [353004] High CVE-2014-1717: OOB access in V8. Credit to Anonymous.

- [348332] High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.

- [343661] High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.

- [356095] High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.

- [350434] High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.

- [330626] High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.

- [337746] High CVE-2014-1723: Url confusion with RTL characters.
Credit to George McBay.

- [327295] High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen of OUSPG.

- [357332] Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous

- [346135] Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.

- [342735] Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.

- [360298] CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.

- [345820, 347262, 348319, 350863, 352982, 355586, 358059] CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in the included Flash     version that could lead to arbitrary code execution.
    (CVE-2014-0506)

  - A buffer overflow error exists in the included Flash     version that could lead to arbitrary code execution.
    (CVE-2014-0507)

  - An unspecified error exists in the included Flash     version that could allow a security bypass leading to     information disclosure. (CVE-2014-0508)

  - An unspecified error exists in the included Flash     version that could allow cross-site scripting attacks.
    (CVE-2014-0509)

  - An unspecified flaw exists related to IPC message     injection that allows an unauthenticated, remote     attacker to bypass sandbox restrictions. (CVE-2014-1709)

  - An input validation error exists that could allow     universal cross-site scripting (UXSS) attacks.
    (CVE-2014-1716)

  - An unspecified out-of-bounds access error exists     related to the V8 JavaScript engine. (CVE-2014-1717)

  - An integer overflow error exists related to the     compositor. (CVE-2014-1718)

  - Use-after-free errors exist related to web workers,     DOM processing, rendering, speech handling and forms     handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,     CVE-2014-1724, CVE-2014-1727)

  - An unspecified memory corruption error exists related     to the V8 JavaScript engine. (CVE-2014-1721)

  - An URL confusion error exists related to handling RTL     characters. (CVE-2014-1723)

  - An out-of-bounds read error exists related to handling     'window property' processing. (CVE-2014-1725)

  - An unspecified error exists that could allow local     cross-origin bypasses. (CVE-2014-1726)

  - Various, unspecified memory handling errors exist.
    (CVE-2014-1728)

  - Various, unspecified errors exist related to the V8     JavaScript engine. (CVE-2014-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in the included Flash     version that could lead to arbitrary code execution.
    (CVE-2014-0506)

  - A buffer overflow error exists in the included Flash     version that could lead to arbitrary code execution.
    (CVE-2014-0507)

  - An unspecified error exists in the included Flash     version that could allow a security bypass leading to     information disclosure. (CVE-2014-0508)

  - An unspecified error exists in the included Flash     version that could allow cross-site scripting attacks.
    (CVE-2014-0509)

  - An unspecified flaw exists related to IPC message     injection that allows an unauthenticated, remote     attacker to bypass sandbox restrictions. (CVE-2014-1709)     
  - An input validation error exists that could allow     universal cross-site scripting (UXSS) attacks.
    (CVE-2014-1716)

  - An unspecified out-of-bounds access error exists     related to the V8 JavaScript engine. (CVE-2014-1717)

  - An integer overflow error exists related to the     compositor. (CVE-2014-1718)

  - Use-after-free errors exist related to web workers,     DOM processing, rendering, speech handling and forms     handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,     CVE-2014-1724, CVE-2014-1727)

  - An unspecified memory corruption error exists related     to the V8 JavaScript engine. (CVE-2014-1721)

  - An URL confusion error exists related to handling RTL     characters. (CVE-2014-1723)

  - An out-of-bounds read error exists related to handling     'window property' processing. (CVE-2014-1725)

  - An unspecified error exists that could allow local     cross-origin bypasses. (CVE-2014-1726)

  - Various, unspecified memory handling errors exist.
    (CVE-2014-1728)

  - Various, unspecified errors exist related to the V8     JavaScript engine. (CVE-2014-1729)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
77460	GLSA-201408-16 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
75340	openSUSE Security Update : chromium (openSUSE-SU-2014:0601-1)	Nessus	SuSE Local Security Checks	high
73581	Debian DSA-2905-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	high
8208	Google Chrome < 34.0.1847.116 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
73431	FreeBSD : chromium -- multiple vulnerabilities (963413a5-bf50-11e3-a2d6-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high
73420	Google Chrome < 34.0.1847.116 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
73419	Google Chrome < 34.0.1847.116 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2014-1717

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins