New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis chromium version update fixes the following security and non-security issues :
- Add patch chromium-fix-arm-skia-memset.patch to resolve a linking issue on ARM with regards to missing symbols.
- Add patch arm_use_gold.patch to use the right gold binaries on ARM. Hopefully this resolves the build issues with running out of memory
- bnc#872805: Update to Chromium 34.0.1847.116
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes :
- CVE-2014-1716: UXSS in V8
- CVE-2014-1717: OOB access in V8
- CVE-2014-1718: Integer overflow in compositor
- CVE-2014-1719: Use-after-free in web workers
- CVE-2014-1720: Use-after-free in DOM
- CVE-2014-1721: Memory corruption in V8
- CVE-2014-1722: Use-after-free in rendering
- CVE-2014-1723: Url confusion with RTL characters
- CVE-2014-1724: Use-after-free in speech
- CVE-2014-1725: OOB read with window property
- CVE-2014-1726: Local cross-origin bypass
- CVE-2014-1727: Use-after-free in forms
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives
- CVE-2014-1729: Multiple vulnerabilities in V8
- No longer build against system libraries as that Chromium works a lot better and crashes less on websites than with system libs
- Added package depot_tools.tar.gz as that the chromium build now requires it during the initial build phase. It just contains some utilities and nothing from it is being installed.
- If people want to install newer versions of the ffmpeg library then let them. This is what they want.
- Remove the buildscript from the sources
SolutionUpdate the affected chromium packages.