Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6653 Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser. CVE-2013-6654 TheShow3511 discovered an issue in SVG handling. CVE-2013-6655 cloudfuzzer discovered a use-after-free issue in dom event handling. CVE-2013-6656 NeexEmil discovered an information leak in the XSS auditor. CVE-2013-6657 NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor. CVE-2013-6658 cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function. CVE-2013-6659 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation. CVE-2013-6660 bishopjeffreys discovered an information leak in the drag and drop implementation. CVE-2013-6661 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117. CVE-2013-6663 Atte Kettunen discovered a use-after-free issue in SVG handling. CVE-2013-6664 Khalil Zhani discovered a use-after-free issue in the speech recognition feature. CVE-2013-6665 cloudfuzzer discovered a buffer overflow issue in the software renderer. CVE-2013-6666 netfuzzer discovered a restriction bypass in the Pepper Flash plugin. CVE-2013-6667 The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146. CVE-2013-6668 Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 javascript library. CVE-2014-1700 Chamal de Silva discovered a use-after-free issue in speech synthesis. CVE-2014-1701 aidanhs discovered a cross-site scripting issue in event handling. CVE-2014-1702 Colin Payne discovered a use-after-free issue in the web database implementation. CVE-2014-1703 VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape. CVE-2014-1704 Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 javascript library. CVE-2014-1705 A memory corruption issue was discovered in the V8 javascript library. CVE-2014-1713 A use-after-free issue was discovered in the AttributeSetter function. CVE-2014-1715 A directory traversal issue was found and fixed. For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1. We recommend that you upgrade your chromium-browser packages.
Several vulnerabilities have been discovered in the chromium web browser.
Khalil Zhani discovered a use-after-free issue in chromium's web contents color chooser.
TheShow3511 discovered an issue in SVG handling.
cloudfuzzer discovered a use-after-free issue in dom event handling.
NeexEmil discovered an information leak in the XSS auditor.
NeexEmil discovered a way to bypass the Same Origin policy in the XSS auditor.
cloudfuzzer discovered multiple use-after-free issues surrounding the updateWidgetPositions function.
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to trigger an unexpected certificate chain during TLS renegotiation.
bishopjeffreys discovered an information leak in the drag and drop implementation.
The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.117.
Atte Kettunen discovered a use-after-free issue in SVG handling.
Khalil Zhani discovered a use-after-free issue in the speech recognition feature.
cloudfuzzer discovered a buffer overflow issue in the software renderer.
netfuzzer discovered a restriction bypass in the Pepper Flash plugin.
The Google Chrome team discovered and fixed multiple issues in version 33.0.1750.146.
Multiple vulnerabilities were fixed in version 3.24.35.10 of the V8 javascript library.
Chamal de Silva discovered a use-after-free issue in speech synthesis.
aidanhs discovered a cross-site scripting issue in event handling.
Colin Payne discovered a use-after-free issue in the web database implementation.
VUPEN discovered a use-after-free issue in web sockets that could lead to a sandbox escape.
Multiple vulnerabilities were fixed in version 3.23.17.18 of the V8 javascript library.
A memory corruption issue was discovered in the V8 javascript library.
A use-after-free issue was discovered in the AttributeSetter function.
A directory traversal issue was found and fixed.
For the stable distribution (wheezy), these problems have been fixed in version 33.0.1750.152-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 33.0.1750.152-1.
We recommend that you upgrade your chromium-browser packages.