AVG-861 log

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 71.0.3578.98-3
Fixed 72.0.3626.81-1
Current 129.0.6668.89-1 [extra]
Ticket None
Created Thu Jan 31 17:59:03 2019
Issue Severity Remote Type Description
CVE-2019-5783 Low Yes Insufficient validation
An insufficient validation of untrusted input issue has been found in the DevTools component of the chromium browser before 72.0.3626.81.
CVE-2019-5782 High Yes Arbitrary code execution
A security issue has been found in the V8 implementation of the chromium browser before 72.0.3626.81.
CVE-2019-5781 Low Yes Content spoofing
A security issue has been found in the Omnibox implementation of the chromium browser before 72.0.3626.81.
CVE-2019-5780 Low Yes Access restriction bypass
A security issue has been found in the chromium browser before 72.0.3626.81 leading to Insufficient policy enforcement.
CVE-2019-5779 Low Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the ServiceWorker component of the chromium browser before 72.0.3626.81.
CVE-2019-5778 Low Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Extensions component of the chromium browser before 72.0.3626.81.
CVE-2019-5777 Medium Yes Content spoofing
An insufficient policy enforcement issue has been found in the OmniBox component of the chromium browser before 72.0.3626.81, allowing IDN URL spoofing.
CVE-2019-5776 Medium Yes Content spoofing
An insufficient policy enforcement issue has been found in the OmniBox component of the chromium browser before 72.0.3626.81, allowing IDN URL spoofing.
CVE-2019-5775 Medium Yes Content spoofing
An insufficient policy enforcement issue has been found in the OmniBox component of the chromium browser before 72.0.3626.81, allowing IDN URL spoofing.
CVE-2019-5774 Medium Yes Insufficient validation
An insufficient validation of untrusted input issue has been found in the SafeBrowsing component of the chromium browser before 72.0.3626.81.
CVE-2019-5773 Medium Yes Insufficient validation
An insufficient data validation issue has been found in the IndexedDB component of the chromium browser before 72.0.3626.81.
CVE-2019-5772 Medium Yes Arbitrary code execution
A use-after-free vulnerability has been found in the PDFium component of the chromium browser before 72.0.3626.81.
CVE-2019-5771 Medium Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been found in the SwiftShader component of the chromium browser before 72.0.3626.81.
CVE-2019-5770 Medium Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been found in the WebGL component of the chromium browser before 72.0.3626.81.
CVE-2019-5769 Medium Yes Insufficient validation
An insufficient validation of untrusted input issue has been found in the Blink component of the chromium browser before 72.0.3626.81.
CVE-2019-5768 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the DevTools component of the chromium browser before 72.0.3626.81.
CVE-2019-5767 Medium Yes Content spoofing
An incorrect security UI issue has been found in the WebAPKs component of the chromium browser before 72.0.3626.81.
CVE-2019-5766 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Canvas component of the chromium browser before 72.0.3626.81.
CVE-2019-5765 High Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the chromium browser before 72.0.3626.81.
CVE-2019-5764 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the WebRTC component of the chromium browser before 72.0.3626.81.
CVE-2019-5763 High Yes Arbitrary code execution
A security issue has been found in the V8 implementation of the chromium browser before 72.0.3626.81.
CVE-2019-5762 High Yes Arbitrary code execution
A use after free issue has been found in the PDFium component of the chromium browser before 72.0.3626.81.
CVE-2019-5761 High Yes Arbitrary code execution
A use after free issue has been found in the SwiftShader component of the chromium browser before 72.0.3626.81.
CVE-2019-5760 High Yes Arbitrary code execution
A use after free issue has been found in the WebRTC implementation in the chromium browser before 72.0.3626.81.
CVE-2019-5759 High Yes Arbitrary code execution
A use after free issue has been found in the HTML select elements component of the chromium browser before 72.0.3626.81.
CVE-2019-5758 High Yes Arbitrary code execution
A use after free issue has been found in the blink component of the chromium browser before 72.0.3626.81.
CVE-2019-5757 High Yes Arbitrary code execution
A type confusion issue has been found in the SVG implementation in the chromium browser before 72.0.3626.81.
CVE-2019-5756 High Yes Arbitrary code execution
A use after free issue has been found in the PDFium component of the chromium browser before 72.0.3626.81.
CVE-2019-5755 High Yes Arbitrary code execution
A security issue has been found in the V8 implementation of the chromium browser before 72.0.3626.81.
CVE-2019-5754 Critical Yes Arbitrary code execution
A security issue has been found in the QUIC implementation of the chromium browser before 72.0.3626.81.
Date Advisory Package Type
11 Feb 2019 ASA-201902-3 chromium multiple issues
References
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html