Subject: [ASA-201907-6] chromium: multiple issues

Arch Linux Security Advisory ASA-201907-6
=========================================

Severity: High
Date    : 2019-07-17
CVE-ID  : CVE-2019-5847 CVE-2019-5848
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1005

Summary
=======

The package chromium before version 75.0.3770.142-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.

Resolution
==========

Upgrade to 75.0.3770.142-1.

# pacman -Syu "chromium>=75.0.3770.142-1"

The problems have been fixed upstream in version 75.0.3770.142.

Workaround
==========

None.

Description
===========

- CVE-2019-5847 (arbitrary code execution)

A security issue has been found in chromium before 75.0.3770.142, where V8 sealed/frozen elements can cause a crash.

- CVE-2019-5848 (information disclosure)

A security issue has been found in chromium before 75.0.3770.142, where font sizes may expose sensitive information.

Impact
======

A remote attacker can access sensitive information and possibly execute arbitrary code.

References
==========

https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop.html
https://crbug.com/972921
https://crbug.com/951487
https://security.archlinux.org/CVE-2019-5847
https://security.archlinux.org/CVE-2019-5848