AVG-923

Package chromium
Status Fixed
Severity High
Type multiple issues
Affected 72.0.3626.121-1
Fixed 73.0.3683.75-1
Current 75.0.3770.100-1 [extra]
Ticket None
Created Wed Mar 13 13:05:45 2019
Issue Severity Remote Type Description
CVE-2019-5803 Low Yes Access restriction bypass
A CSP bypass issue with Javascript URLs has been found in the chromium browser before 73.0.3683.75.
CVE-2019-5802 Medium Yes Content spoofing
A UI spoofing issue has been found in the chromium browser before 73.0.3683.75.
CVE-2019-5800 Medium Yes Access restriction bypass
A CSP bypass issue with blob URLs has been found in the chromium browser before 73.0.3683.75.
CVE-2019-5799 Medium Yes Access restriction bypass
A CSP bypass issue with blob URLs has been found in the chromium browser before 73.0.3683.75.
CVE-2019-5798 Medium Yes Information disclosure
An out-of-bounds read has been found in the Skia component of the chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0.
CVE-2019-5797 Medium Yes Arbitrary code execution
A race condition has been found in the DOMStorage component of the chromium browser before 73.0.3683.75.
CVE-2019-5796 Medium Yes Arbitrary code execution
A race condition has been found in the Extensions component of the chromium browser before 73.0.3683.75.
CVE-2019-5795 Medium Yes Arbitrary code execution
An integer overflow issue has been found in the PDFium component of the chromium browser before 73.0.3683.75.
CVE-2019-5794 Medium Yes Content spoofing
A UI spoofing issue has been found in the chromium browser before 73.0.3683.75.
CVE-2019-5793 Medium Yes Access restriction bypass
An excessive permissions for private API issue has been found in the Extensions component of the chromium browser before 73.0.3683.75.
CVE-2019-5792 High Yes Arbitrary code execution
An integer overflow issue has been found in the PDFium component of the chromium browser before 73.0.3683.75.
CVE-2019-5791 High Yes Arbitrary code execution
A type confusion issue has been found in the V8 component of the chromium browser before 73.0.3683.75.
CVE-2019-5790 High Yes Arbitrary code execution
A heap-based buffer overflow has been found in the V8 component of the chromium browser before 73.0.3683.75.
CVE-2019-5789 High Yes Arbitrary code execution
A use-after-free issue has been found in the WebMIDI component of the chromium browser before 73.0.3683.75.
CVE-2019-5788 High Yes Arbitrary code execution
A use-after-free issue has been found in the FileAPI component of the chromium browser before 73.0.3683.75.
CVE-2019-5787 High Yes Arbitrary code execution
A use-after-free issue has been found in the Canvas component of the chromium browser before 73.0.3683.75.
Date Advisory Package Description
13 Mar 2019 ASA-201903-8 chromium multiple issues
References
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html