Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1721 to the following vulnerability:

Name: CVE-2014-1721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1721
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=350434
Reference: https://code.google.com/p/v8/source/detail?r=19834

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.

The impact is possibly moderate or low with the way v8 is used in Red Hat products and Fedora. Investigation ongoing.
Created v8 tracking bugs for this issue:

Affects: fedora-all [bug 1086118]
Affects: epel-6 [bug 1086119]
Most of the patch is applicable to v8 3.14. However, the test case from the upstream commit does not reproduce any issue with 3.14. It requires removal of %SetAllocationTimeout, which is not supported in that version. It does not seem such a change should break the test.
Not reproducible with the other test case from the other bug: https://code.google.com/p/chromium/issues/detail?id=350434#c12

Assuming this is not needed for 3.14.