Bug 1091834 (CVE-2014-1730)

Summary: CVE-2014-1730 v8: type confusion issue fixed in Google Chrome 34.0.1847.131
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, bdunne, bgollahe, bkearney, bleanhar, cbillett, ccoleman, chrisw, cpelland, dajohnso, dallan, dclarizi, dmcphers, drieden, gkotton, gmccullo, jdetiber, jfrey, jialiu, jkeck, jokerman, jomara, jorton, jprause, jrafanie, katello-bugs, kseifried, lhh, lmeyer, markmc, mfeifer, mmaslano, mmccomas, mmccune, obarenbo, rbryant, rhos-maint, sclewis, tcallawa, tchollingsworth, thrcka, tjay, tkramer, tomckay, tomspur, vdanen, xlecauch, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-16 20:09:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1091840    

Description Murray McAllister 2014-04-28 07:25:29 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1730 to
the following vulnerability:

Name: CVE-2014-1730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1730
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Reference: https://code.google.com/p/chromium/issues/detail?id=354967
Reference: https://code.google.com/p/v8/source/detail?r=20375
Reference: https://code.google.com/p/v8/source/detail?r=20377
Reference: https://code.google.com/p/v8/source/detail?r=20388
Reference: https://code.google.com/p/v8/source/detail?r=20593
Reference: https://code.google.com/p/v8/source/detail?r=20595

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows
and OS X and before 34.0.1847.132 on Linux, does not properly store
internationalization metadata, which allows remote attackers to bypass
intended access restrictions by leveraging "type confusion" and
reading property values, related to i18n.js and runtime.cc.

It appears as though the Fedora packages may not be affected.
Comment 1 Tomas Hoger 2014-06-16 20:09:36 UTC 
Not applicable to v8 3.14.