AVG-1013

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 75.0.3770.142-1
Fixed 76.0.3809.87-1
Current 76.0.3809.100-1 [extra]
Ticket None
Created Tue Jul 30 20:27:17 2019
Issue Severity Remote Type Description
CVE-2019-5865 Medium Yes Access restriction bypass
A site isolation bypass from a compromised renderer has been found in Chromium before 76.0.3809.87.
CVE-2019-5864 Low Yes Access restriction bypass
Insufficient port filtering in CORS for extensions has been found in Chromium before 76.0.3809.87.
CVE-2019-5862 Low Yes Access restriction bypass
An issue with AppCache not being robust to compromised renderers has been found in Chromium before 76.0.3809.87.
CVE-2019-5861 Low Yes Content spoofing
An issue has been found in Chromium before 76.0.3809.87, where click location was incorrectly checked.
CVE-2019-5860 High Yes Arbitrary code execution
A use-after-free issue has been found in the PDFium component of Chromium before 76.0.3809.87.
CVE-2019-5859 High Yes Access restriction bypass
An issue has been found in Chromium before 76.0.3809.87, where res: URIs can load alternative browsers.
CVE-2019-5858 Low Yes Insufficient validation
Insufficient filtering of Open URL service parameters has been found in Chromium before 76.0.3809.87.
CVE-2019-5857 Low Yes Denial of service
An issue has been found in Chromium before 76.0.3809.87 where the comparison of -0 and null yields a crash.
CVE-2019-5856 Medium Yes Access restriction bypass
Insufficient checks on filesystem: URI permissions have been found in Chromium before 76.0.3809.87.
CVE-2019-5855 Medium Yes Arbitrary code execution
An integer overflow issue has been found in the text rendering of the PDFium component of Chromium before 76.0.3809.87.
CVE-2019-5854 Low Yes Arbitrary code execution
An integer overflow issue has been found in the text rendering of the PDFium component of Chromium before 76.0.3809.87.
CVE-2019-5853 High Yes Arbitrary code execution
A memory corruption issue has been found in the regexp length checks of Chromium before 76.0.3809.87.
CVE-2019-5852 Low Yes Denial of service
An object leak issue has been found in the utility functions of Chromium before 76.0.3809.87.
CVE-2019-5851 High Yes Arbitrary code execution
A use-after-poison issue has been found in the offline audio context component of Chromium before 76.0.3809.87.
CVE-2019-5850 High Yes Arbitrary code execution
A use-after-free issue has been found in the offline page fetcher component of Chromium before 76.0.3809.87.
Date Advisory Package Description
02 Aug 2019 ASA-201908-1 chromium multiple issues
References
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html