ASA-201903-8 log original external raw
[ASA-201903-8] chromium: multiple issues |
---|
Arch Linux Security Advisory ASA-201903-8
=========================================
Severity: High
Date : 2019-03-13
CVE-ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-923
Summary
=======
The package chromium before version 73.0.3683.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing and information disclosure.
Resolution
==========
Upgrade to 73.0.3683.75-1.
# pacman -Syu "chromium>=73.0.3683.75-1"
The problems have been fixed upstream in version 73.0.3683.75.
Workaround
==========
None.
Description
===========
- CVE-2019-5787 (arbitrary code execution)
A use-after-free issue has been found in the Canvas component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5788 (arbitrary code execution)
A use-after-free issue has been found in the FileAPI component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5789 (arbitrary code execution)
A use-after-free issue has been found in the WebMIDI component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5790 (arbitrary code execution)
A heap-based buffer overflow has been found in the V8 component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5791 (arbitrary code execution)
A type confusion issue has been found in the V8 component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5792 (arbitrary code execution)
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5793 (access restriction bypass)
An excessive permissions for private API issue has been found in the
Extensions component of the chromium browser before 73.0.3683.75.
- CVE-2019-5794 (content spoofing)
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
- CVE-2019-5795 (arbitrary code execution)
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5796 (arbitrary code execution)
A race condition has been found in the Extensions component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5797 (arbitrary code execution)
A race condition has been found in the DOMStorage component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5798 (information disclosure)
An out-of-bounds read has been found in the Skia component of the
chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0.
- CVE-2019-5799 (access restriction bypass)
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
- CVE-2019-5800 (access restriction bypass)
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
- CVE-2019-5802 (content spoofing)
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
- CVE-2019-5803 (access restriction bypass)
A CSP bypass issue with Javascript URLs has been found in the chromium
browser before 73.0.3683.75.
Impact
======
A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code via crafted web content.
References
==========
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
https://bugs.chromium.org/p/chromium/issues/detail?id=913964
https://bugs.chromium.org/p/chromium/issues/detail?id=925864
https://bugs.chromium.org/p/chromium/issues/detail?id=921581
https://bugs.chromium.org/p/chromium/issues/detail?id=914736
https://bugs.chromium.org/p/chromium/issues/detail?id=926651
https://bugs.chromium.org/p/chromium/issues/detail?id=914983
https://bugs.chromium.org/p/chromium/issues/detail?id=937487
https://bugs.chromium.org/p/chromium/issues/detail?id=935175
https://bugs.chromium.org/p/chromium/issues/detail?id=919643
https://bugs.chromium.org/p/chromium/issues/detail?id=918861
https://bugs.chromium.org/p/chromium/issues/detail?id=916523
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
https://bugs.chromium.org/p/chromium/issues/detail?id=883596
https://bugs.chromium.org/p/chromium/issues/detail?id=905301
https://bugs.chromium.org/p/chromium/issues/detail?id=894228
https://bugs.chromium.org/p/chromium/issues/detail?id=632514
https://bugs.chromium.org/p/chromium/issues/detail?id=909865
https://security.archlinux.org/CVE-2019-5787
https://security.archlinux.org/CVE-2019-5788
https://security.archlinux.org/CVE-2019-5789
https://security.archlinux.org/CVE-2019-5790
https://security.archlinux.org/CVE-2019-5791
https://security.archlinux.org/CVE-2019-5792
https://security.archlinux.org/CVE-2019-5793
https://security.archlinux.org/CVE-2019-5794
https://security.archlinux.org/CVE-2019-5795
https://security.archlinux.org/CVE-2019-5796
https://security.archlinux.org/CVE-2019-5797
https://security.archlinux.org/CVE-2019-5798
https://security.archlinux.org/CVE-2019-5799
https://security.archlinux.org/CVE-2019-5800
https://security.archlinux.org/CVE-2019-5802
https://security.archlinux.org/CVE-2019-5803
|