Advisories ยป MGASA-2014-0107

Updated chromium-browser-stable packages address multiple vulnerabilities

Publication date: 27 Feb 2014
Modification date: 27 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6653 , CVE-2013-6654 , CVE-2013-6655 , CVE-2013-6656 , CVE-2013-6657 , CVE-2013-6658 , CVE-2013-6659 , CVE-2013-6660 , CVE-2013-6661

Description

Use-after-free related to web contents (CVE-2013-6653).

Bad cast in SVG (CVE-2013-6654).

Use-after-free in layout (CVE-2013-6655).

Information leaks in XSS auditor (CVE-2013-6656, CVE-2013-6657).

Use-after-free in layout (CVE-2013-6658).

Issue with certificates validation in TLS handshake (CVE-2013-6659).

Information leak in drag and drop (CVE-2013-6660).

Various fixes from internal audits, fuzzing and other initiatives. Of these,
seven are fixes for issues that could have allowed for sandbox escapes from
compromised renderers (CVE-2013-6661).
                

References

SRPMS

3/core

3/tainted

4/core

4/tainted