V8 is Google’s open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. (CVE-2014-5256) Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8. (CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704) All v8314-v8 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All applications using V8 must be restarted for this update to take effect.
googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2883
www.securitytracker.com/id/1029914
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1149781
code.google.com/p/chromium/issues/detail?id=328202
code.google.com/p/chromium/issues/detail?id=345715
code.google.com/p/chromium/issues/detail?id=349079
code.google.com/p/v8/source/detail?r=18564
code.google.com/p/v8/source/detail?r=19614
code.google.com/p/v8/source/detail?r=19668
rhn.redhat.com/errata/RHSA-2014-1744.html