Launchpad.net

CVE 2014-7941

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.

Related bugs and status

CVE-2014-7941 (Candidate) is related to these bugs:

Bug #1378627: chromium-browser crashed with SIGSEGV

		In	Importance	Status
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Ubuntu)	Medium	Fix Released
1378627	chromium-browser crashed with SIGSEGV	Chromium Browser	Unknown	Unknown
1378627	chromium-browser crashed with SIGSEGV	Mesa	Medium	Won't Fix
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Debian)	Unknown	Fix Released
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Fedora)	Undecided	Won't Fix

Bug #1398900: No search suggestions in chromium omnibox

Summary				In	Importance	Status
	1398900	No search suggestions in chromium omnibox		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1414753: Chromium browser 39.0.2171.65 does not load policies

Summary				In	Importance	Status
	1414753	Chromium browser 39.0.2171.65 does not load policies		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1415555: error while loading shared libraries: libui_base.so

Summary				In	Importance	Status
	1415555	error while loading shared libraries: libui_base.so		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
CONFIRM: https://codereview.chr...
GENTOO: GLSA-201502-13
REDHAT: RHSA-2015:0093
SUSE: openSUSE-SU-2015:0441
BID: 72288
SECTRACK: 1031623
SECUNIA: 62383
SECUNIA: 62665