CVE-2014-7906

Publication date 19 November 2014

Last updated 24 July 2024

Ubuntu priority

Description

Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	21.10 impish	Not affected
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Not in release

How can I get the fixes?
What do statuses mean?

Notes

alexmurray

The Debian chromium source package is called chromium-browser in Ubuntu

mdeslaur

starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

References

MITRE
NVD
Launchpad
Debian

Other references

https://code.google.com/p/chromium/issues/detail?id=423030 (private)
https://www.cve.org/CVERecord?id=CVE-2014-7906