Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.125. CVE-2014-3165 Colin Payne discovered a use-after-free issue in the Web Sockets implementation. CVE-2014-3166 Antoine Delignat-Lavaud discovered an information leak in the SPDY protocol implementation. CVE-2014-3167 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.143. CVE-2014-3168 cloudfuzzer discovered a use-after-free issue in SVG image file handling. CVE-2014-3169 Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink Document Object Model implementation. CVE-2014-3170 Rob Wu discovered a way to spoof the url of chromium extensions. CVE-2014-3171 cloudfuzzer discovered a use-after-free issue in chromium's v8 bindings. CVE-2014-3172 Eli Grey discovered a way to bypass access restrictions using chromium's Debugger extension API. CVE-2014-3173 jmuizelaar discovered an uninitialized read issue in WebGL. CVE-2014-3174 Atte Kettunen discovered an uninitialized read issue in Web Audio. CVE-2014-3175 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.94. CVE-2014-3176 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3177 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3178 miaubiz discovered a use-after-free issue in the Document Object Model implementation in Blink/Webkit. CVE-2014-3179 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.120.

For the stable distribution (wheezy), these problems have been fixed in version 37.0.2062.120-1~deb7u1. For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 37.0.2062.120-1. We recommend that you upgrade your chromium-browser packages.

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web.

chromium-browser on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-3039.html

---

Updated on 2015-03-25