Arch Linux Security Advisory ASA-201910-7 ========================================= Severity: High Date : 2019-10-11 CVE-ID : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1043 Summary ======= The package chromium before version 77.0.3865.120-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 77.0.3865.120-1. # pacman -Syu "chromium>=77.0.3865.120-1" The problems have been fixed upstream in version 77.0.3865.120. Workaround ========== None. Description =========== - CVE-2019-13693 (arbitrary code execution) A use-after-free vulnerability has been found in the IndexedDB component of the chromium browser before 77.0.3865.120. - CVE-2019-13694 (arbitrary code execution) A use-after-free vulnerability has been found in the WebRTC component of the chromium browser before 77.0.3865.120. - CVE-2019-13695 (arbitrary code execution) A use-after-free vulnerability has been found in the audio component of the chromium browser before 77.0.3865.120. - CVE-2019-13696 (arbitrary code execution) A use-after-free vulnerability has been found in the V8 component of the chromium browser before 77.0.3865.120. - CVE-2019-13697 (information disclosure) A cross-origin size leak vulnerability has been found in the chromium browser before 77.0.3865.120. Impact ====== A remote attacker can access sensitive information or execute arbitrary code on the affected host. References ========== https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html https://crbug.com/1005753 https://crbug.com/1005251 https://crbug.com/1004730 https://crbug.com/1000635 https://crbug.com/990849 https://security.archlinux.org/CVE-2019-13693 https://security.archlinux.org/CVE-2019-13694 https://security.archlinux.org/CVE-2019-13695 https://security.archlinux.org/CVE-2019-13696 https://security.archlinux.org/CVE-2019-13697