CVE-2014-1733

Upstream information

CVE-2014-1733 at MITRE

Description

The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.

---

SUSE information

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.48
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 875408 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2014:0668-1, published Fri, 16 May 2014 15:04:15 +0200 (CEST)
• openSUSE-SU-2014:0669-1, published Fri, 16 May 2014 16:04:35 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 12.3	chromedriver >= 34.0.1847.132-1.41.2 chromedriver-debuginfo >= 34.0.1847.132-1.41.2 chromium >= 34.0.1847.132-1.41.2 chromium-debuginfo >= 34.0.1847.132-1.41.2 chromium-debugsource >= 34.0.1847.132-1.41.2 chromium-desktop-gnome >= 34.0.1847.132-1.41.2 chromium-desktop-kde >= 34.0.1847.132-1.41.2 chromium-ffmpegsumo >= 34.0.1847.132-1.41.2 chromium-ffmpegsumo-debuginfo >= 34.0.1847.132-1.41.2 chromium-suid-helper >= 34.0.1847.132-1.41.2 chromium-suid-helper-debuginfo >= 34.0.1847.132-1.41.2	Patchnames: openSUSE-2014-370
openSUSE 13.1	chromedriver >= 34.0.1847.132-33.1 chromedriver-debuginfo >= 34.0.1847.132-33.1 chromium >= 34.0.1847.132-33.1 chromium-debuginfo >= 34.0.1847.132-33.1 chromium-debugsource >= 34.0.1847.132-33.1 chromium-desktop-gnome >= 34.0.1847.132-33.1 chromium-desktop-kde >= 34.0.1847.132-33.1 chromium-ffmpegsumo >= 34.0.1847.132-33.1 chromium-ffmpegsumo-debuginfo >= 34.0.1847.132-33.1 chromium-suid-helper >= 34.0.1847.132-33.1 chromium-suid-helper-debuginfo >= 34.0.1847.132-33.1	Patchnames: openSUSE-2014-371