Arch Linux Security Advisory ASA-201910-17 ========================================== Severity: High Date : 2019-10-26 CVE-ID : CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-15903 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1053 Summary ======= The package chromium before version 78.0.3904.70-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, access restriction bypass, authentication bypass, denial of service, information disclosure, privilege escalation and cross-site scripting. Resolution ========== Upgrade to 78.0.3904.70-1. # pacman -Syu "chromium>=78.0.3904.70-1" The problems have been fixed upstream in version 78.0.3904.70. Workaround ========== None. Description =========== - CVE-2019-13699 (arbitrary code execution) A use-after-free issue has been found in the media component of chromium before 78.0.3904.70. - CVE-2019-13700 (arbitrary code execution) A buffer overrun issue has been found in the Blink component of chromium before 78.0.3904.70. - CVE-2019-13701 (content spoofing) A URL spoofing issue has been found in chromium before 78.0.3904.70. - CVE-2019-13702 (privilege escalation) A privilege escalation issue has been found in chromium before 78.0.3904.70. - CVE-2019-13703 (content spoofing) A URL bar spoofing issue has been found in chromium before 78.0.3904.70. - CVE-2019-13704 (access restriction bypass) A CSP bypass has been found in chromium before 78.0.3904.70. - CVE-2019-13705 (access restriction bypass) An extension permission bypass has been found in chromium before 78.0.3904.70. - CVE-2019-13706 (information disclosure) An out-of-bounds read has been found in the PDFium component of chromium before 78.0.3904.70. - CVE-2019-13707 (information disclosure) A file storage disclosure issue has been found in chromium before 78.0.3904.70. - CVE-2019-13708 (authentication bypass) A security issue has been found in chromium before 78.0.3904.70 where HTTP authentication could be spoofed. - CVE-2019-13709 (access restriction bypass) A security issue has been found in chromium before 78.0.3904.70 where the file download protection could be bypassed. - CVE-2019-13710 (access restriction bypass) A security issue has been found in chromium before 78.0.3904.70 where the file download protection could be bypassed. - CVE-2019-13711 (information disclosure) A cross-context information leak has been found in chromium before 78.0.3904.70. - CVE-2019-13713 (information disclosure) A cross-origin data leak has been found in chromium before 78.0.3904.70. - CVE-2019-13714 (cross-site scripting) A CSS injection has been found in chromium before 78.0.3904.70. - CVE-2019-13715 (content spoofing) A security issue has been found in chromium before 78.0.3904.70 where the content of the address bar could be spoofed. - CVE-2019-13716 (denial of service) A security issue has been found in chromium before 78.0.3904.70 where a service worker could end up in an invalid state. - CVE-2019-13717 (content spoofing) A security issue has been found in chromium before 78.0.3904.70 where notifications could be obscured. - CVE-2019-13718 (content spoofing) A security issue has been found in chromium before 78.0.3904.70 where IDNs could be spoofed. - CVE-2019-13719 (content spoofing) A security issue has been found in chromium before 78.0.3904.70 where notifications could be obscured. - CVE-2019-15903 (denial of service) A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read Impact ====== A remote attacker can crash chromium, spoof various parts of the user interface, bypass security measures, access sensitive information, elevate privileges or execute arbitrary code. References ========== https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html https://crbug.com/1001503 https://crbug.com/998431 https://crbug.com/998284 https://crbug.com/991125 https://crbug.com/992838 https://crbug.com/1001283 https://crbug.com/989078 https://crbug.com/1001159 https://crbug.com/859349 https://crbug.com/931894 https://crbug.com/1005218 https://crbug.com/756825 https://crbug.com/986063 https://crbug.com/993288 https://crbug.com/982812 https://crbug.com/760855 https://crbug.com/1005948 https://crbug.com/839239 https://crbug.com/866162 https://crbug.com/927150 https://crbug.com/1004341 https://github.com/libexpat/libexpat/issues/317 https://github.com/libexpat/libexpat/pull/318 https://security.archlinux.org/CVE-2019-13699 https://security.archlinux.org/CVE-2019-13700 https://security.archlinux.org/CVE-2019-13701 https://security.archlinux.org/CVE-2019-13702 https://security.archlinux.org/CVE-2019-13703 https://security.archlinux.org/CVE-2019-13704 https://security.archlinux.org/CVE-2019-13705 https://security.archlinux.org/CVE-2019-13706 https://security.archlinux.org/CVE-2019-13707 https://security.archlinux.org/CVE-2019-13708 https://security.archlinux.org/CVE-2019-13709 https://security.archlinux.org/CVE-2019-13710 https://security.archlinux.org/CVE-2019-13711 https://security.archlinux.org/CVE-2019-13713 https://security.archlinux.org/CVE-2019-13714 https://security.archlinux.org/CVE-2019-13715 https://security.archlinux.org/CVE-2019-13716 https://security.archlinux.org/CVE-2019-13717 https://security.archlinux.org/CVE-2019-13718 https://security.archlinux.org/CVE-2019-13719 https://security.archlinux.org/CVE-2019-15903