AVG-1053 log

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 77.0.3865.120-1
Fixed 78.0.3904.70-1
Current 78.0.3904.108-1 [extra]
Ticket None
Created Sat Oct 26 10:52:26 2019
Issue Severity Remote Type Description
CVE-2019-15903 Medium Yes Denial of service
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing...
CVE-2019-13719 Low Yes Content spoofing
A security issue has been found in chromium before 78.0.3904.70 where notifications could be obscured.
CVE-2019-13718 Low Yes Content spoofing
A security issue has been found in chromium before 78.0.3904.70 where IDNs could be spoofed.
CVE-2019-13717 Low Yes Content spoofing
A security issue has been found in chromium before 78.0.3904.70 where notifications could be obscured.
CVE-2019-13716 Low Yes Denial of service
A security issue has been found in chromium before 78.0.3904.70 where a service worker could end up in an invalid state.
CVE-2019-13715 Low Yes Content spoofing
A security issue has been found in chromium before 78.0.3904.70 where the content of the address bar could be spoofed.
CVE-2019-13714 Low Yes Cross-site scripting
A CSS injection has been found in chromium before 78.0.3904.70.
CVE-2019-13713 Medium Yes Information disclosure
A cross-origin data leak has been found in chromium before 78.0.3904.70.
CVE-2019-13711 Medium Yes Information disclosure
A cross-context information leak has been found in chromium before 78.0.3904.70.
CVE-2019-13710 Medium Yes Access restriction bypass
A security issue has been found in chromium before 78.0.3904.70 where the file download protection could be bypassed.
CVE-2019-13709 Medium Yes Access restriction bypass
A security issue has been found in chromium before 78.0.3904.70 where the file download protection could be bypassed.
CVE-2019-13708 Medium Yes Authentication bypass
A security issue has been found in chromium before 78.0.3904.70 where HTTP authentication could be spoofed.
CVE-2019-13707 Medium Yes Information disclosure
A file storage disclosure issue has been found in chromium before 78.0.3904.70.
CVE-2019-13706 Medium Yes Information disclosure
An out-of-bounds read has been found in the PDFium component of chromium before 78.0.3904.70.
CVE-2019-13705 Medium Yes Access restriction bypass
An extension permission bypass has been found in chromium before 78.0.3904.70.
CVE-2019-13704 Medium Yes Access restriction bypass
A CSP bypass has been found in chromium before 78.0.3904.70.
CVE-2019-13703 Medium Yes Content spoofing
A URL bar spoofing issue has been found in chromium before 78.0.3904.70.
CVE-2019-13702 Medium No Privilege escalation
A privilege escalation issue has been found in chromium before 78.0.3904.70.
CVE-2019-13701 High Yes Content spoofing
A URL spoofing issue has been found in chromium before 78.0.3904.70.
CVE-2019-13700 High Yes Arbitrary code execution
A buffer overrun issue has been found in the Blink component of chromium before 78.0.3904.70.
CVE-2019-13699 High Yes Arbitrary code execution
A use-after-free issue has been found in the media component of chromium before 78.0.3904.70.
Date Advisory Package Description
26 Oct 2019 ASA-201910-17 chromium multiple issues
References
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html