SB2014091922 - Gentoo update for Chromium

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2014-3178)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

2) Input validation error (CVE-ID: CVE-2014-3179)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/201409-06