Chrome version 38.0.2125.101 fixes two flaws in the embedded PDF viewer PDFium: CVE-2014-3189 The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. https://crbug.com/398384 https://codereview.chromium.org/519873002/ CVE-2014-3198 The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. https://crbug.com/415307 https://codereview.chromium.org/560133004 External References: http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1626 https://rhn.redhat.com/errata/RHSA-2014-1626.html