Debian Security Advisory DSA 2939-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. CVE-2014-1745 Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation. CVE-2014-1746 Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media. CVE-2014-1747 packagesu discovered a cross-site scripting issue involving malformed MHTML files. CVE-2014-1748 Jordan Milne discovered a user interface spoofing issue. CVE-2014-1749 The Google Chrome development team discovered and fixed multiple issues with potential security impact. CVE-2014-3152 An integer underflow issue was discovered in the v8 javascript library.

chromium-browser on Debian Linux

This check tests the installed software version using the apt package manager.

For the stable distribution (wheezy), these problems have been fixed in version 35.0.1916.114-1~deb7u2. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 35.0.1916.114-1. We recommend that you upgrade your chromium-browser packages.