Description: | Multiple use-after-free issues were discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3178, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192)

Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3179, CVE-2014-3200)

It was discovered that Chromium did not properly handle the interaction of IPC and V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3188)

A use-after-free was discovered in the web workers implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3194)

It was discovered that V8 did not correctly handle JavaScript heap allocations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3195)

It was discovered that Blink did not properly provide substitute data for pages blocked by the XSS auditor. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-3197)

It was discovered that the wrap function for Events in the V8 bindings in Blink produced an erroneous result in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service by stopping a worker process that was handling an Event object. (CVE-2014-3199)

Multiple security issues were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7967) |