CVE-2014-1730high
Description
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
References
https://code.google.com/p/v8/source/detail?r=20595
https://code.google.com/p/v8/source/detail?r=20377
https://code.google.com/p/v8/source/detail?r=20388
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20593
https://code.google.com/p/v8/source/detail?r=20375
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://secunia.com/advisories/58301
http://www.debian.org/security/2014/dsa-2920
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html