Advisories ยป MGASA-2013-0249

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 17 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2881 , CVE-2013-2882 , CVE-2013-2883 , CVE-2013-2884 , CVE-2013-2885 , CVE-2013-2886

Description

Updated chromium-browser-stable packages fix security vulnerabilities:

Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame
handling (CVE-2013-2881).

Cloudfuzzer discovered a type confusion issue in the V8 javascript library
(CVE-2013-2882).

Cloudfuzzer discovered a use-after-free issue in MutationObserver
(CVE-2013-2883).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in
the DOM implementation (CVE-2013-2884).

Ivan Fratric of the Google Security Team discovered a use-after-free issue in
input handling (CVE-2013-2885).

The chrome 28 development team found various issues from internal fuzzing,
audits, and other studies (CVE-2013-2886).

This update provides version 28.0.1500.95, which fixes these issues.

Additionally, Google Sync should now work (mga#9851), and playing of media
files with certain codecs, such as mp3, should now work with the tainted
build (mga#10828) in Mageia 3.
                

References

SRPMS

3/core

3/tainted

2/core