Chromium, V8: Multiple vulnerabilities Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. chromium v8 2014-03-05 2014-03-05 486742 488148 491128 491326 493364 498168 499502 501948 503372 remote 33.0.1750.146 33.0.1750.146 3.20.17.13

Chromium is an open-source web browser project. V8 is Google’s open source JavaScript engine.

Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.

A context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other unspecified impact.

There is no known workaround at this time.

All chromium users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.146"

Gentoo has discontinued support for separate V8 package. We recommend that users unmerge V8:

# emerge --unmerge "dev-lang/v8"
CVE-2013-2906 CVE-2013-2907 CVE-2013-2908 CVE-2013-2909 CVE-2013-2910 CVE-2013-2911 CVE-2013-2912 CVE-2013-2913 CVE-2013-2915 CVE-2013-2916 CVE-2013-2917 CVE-2013-2918 CVE-2013-2919 CVE-2013-2920 CVE-2013-2921 CVE-2013-2922 CVE-2013-2923 CVE-2013-2925 CVE-2013-2926 CVE-2013-2927 CVE-2013-2928 CVE-2013-2931 CVE-2013-6621 CVE-2013-6622 CVE-2013-6623 CVE-2013-6624 CVE-2013-6625 CVE-2013-6626 CVE-2013-6627 CVE-2013-6628 CVE-2013-6632 CVE-2013-6634 CVE-2013-6635 CVE-2013-6636 CVE-2013-6637 CVE-2013-6638 CVE-2013-6639 CVE-2013-6640 CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645 CVE-2013-6646 CVE-2013-6649 CVE-2013-6650 CVE-2013-6652 CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656 CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660 CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665 CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2013-6802 CVE-2014-1681 pinkbyte pinkbyte