Upstream has released version 40.0.2214.111 on February 5:
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

There were a couple of intermediate bugfix releases since our last update:
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_26.html
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_30.html

Reproducible:

Steps to Reproduce:
Whiteboard: (none) => MGA4TOO
Updated packages are ready for testing.

MGA4

SRPM:
chromium-browser-stable-40.0.2214.111-1.mga4.src.rpm

RPMS:
chromium-browser-stable-40.0.2214.111-1.mga4.i586.rpm
chromium-browser-40.0.2214.111-1.mga4.i586.rpm
chromium-browser-stable-40.0.2214.111-1.mga4.x86_64.rpm
chromium-browser-40.0.2214.111-1.mga4.x86_64.rpm

Advisory:

Chromium-browser 40.0.2214.111 fixes security issues:

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. (CVE-2015-1209)

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2015-1210)

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. (CVE-2015-1211)

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1212)

References:
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_26.html
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_30.html
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1209
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1210
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1211
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1212
Assignee: cjw => qa-bugs
Thanks! Freeze push for Cauldron still pending.

Re-formatting the advisory.

Updated chromium-browser packages fix security vulnerabilities:

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor (CVE-2015-1209).

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site (CVE-2015-1210).

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI (CVE-2015-1211).

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 allow attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2015-1212).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_26.html
http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_30.html
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
Version: Cauldron => 4
Whiteboard: MGA4TOO => (none)
Tested general use, acid3 test at acidtests.org and SunSpider for JavaScript. No plugins tested. All OK.
CC: (none) => wrw105
Whiteboard: (none) => mga4-64-ok
CC: (none) => cjw
Works fine for me on Mageia 4 i586. Validating now. The advisory still needs to be uploaded. Please push to core/updates once the advisory is uploaded. Thanks.
Keywords: (none) => validated_update
Whiteboard: mga4-64-ok => mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs
Advisory from comment 2 uploaded.
Whiteboard: mga4-64-ok mga4-32-ok => advisory mga4-64-ok mga4-32-ok
Red Hat has issued an advisory for this on February 10:
https://rhn.redhat.com/errata/RHSA-2015-0163.html
URL: (none) => http://lwn.net/Vulnerabilities/632901/
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0062.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED