Number: IRCNE2014052194
Date: 2014-05-18
According to Softpedia, the latest stable version of Google Chrome, 34.0.1847.137, includes three security fixes. The issues, all of which are high-severity, have been given the following CVE identifiers: CVE-2014-1740, CVE-2014-1741 and CVE-2014-1742.
- CVE-2014-1740: a use-after-free in WebSockets reported by Collin Payne.
- CVE-2014-1741: an integer overflow flaw in DOM ranges reported by John Butler.
- CVE-2014-1742: a use-after-free in editing reported by cloudfuzzer.
Two of the vulnerabilities were identified with AddressSanitizer. The latest Chrome stable channel update also brings Flash Player to version 13.0.0.214.
Adobe has updated Flash Player to address six vulnerabilities, including a use-after-free reported by Zeguang Zhao of team509 and Liang Chen of Keen Team at Pwn2Own 2014.
The Flash Player security holes could have been exploited to bypass the same-origin policy, bypass security mechanisms and execute arbitrary code.
Users are advised to update their installations as soon as possible.