AVG-972 log

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 74.0.3729.169-2
Fixed 75.0.3770.80-1
Current 78.0.3904.108-1 [extra]
Ticket None
Created Thu Jun 6 09:45:49 2019
Issue Severity Remote Type Description
CVE-2019-5840 Low Yes Access restriction bypass
A popup blocker bypass vulnerability has been found in the chromium browser before 75.0.3770.80.
CVE-2019-5839 Low Yes Access restriction bypass
An incorrect handling of certain code points vulnerability has been found in the Blink component of the chromium browser before 75.0.3770.80.
CVE-2019-5838 Low Yes Access restriction bypass
An overly permissive tab access vulnerability has been found in the Extensions component of the chromium browser before 75.0.3770.80.
CVE-2019-5837 Medium Yes Information disclosure
A cross-origin resources size disclosure vulnerability has been found in the Appcache component of the chromium browser before 75.0.3770.80.
CVE-2019-5836 Medium Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been found in the Angle component of the chromium browser before 75.0.3770.80.
CVE-2019-5835 Medium Yes Information disclosure
An out-of-bounds read vulnerability has been found in the Swiftshader component of the chromium browser before 75.0.3770.80.
CVE-2019-5833 Medium Yes Content spoofing
An inconsistent security UI placement vulnerability has been found in the chromium browser before 75.0.3770.80.
CVE-2019-5832 Medium Yes Access restriction bypass
An incorrect CORS handling vulnerability has been found in the XHR component of the chromium browser before 75.0.3770.80.
CVE-2019-5831 Medium Yes Incorrect calculation
An incorrect map processing vulnerability has been found in the V8 component of the chromium browser before 75.0.3770.80.
CVE-2019-5830 Medium Yes Access restriction bypass
An incorrectly credentialed requests vulnerability has been found in the CORS component of the chromium browser before 75.0.3770.80.
CVE-2019-5829 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Download Manager component of the chromium browser before 75.0.3770.80.
CVE-2019-5828 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the ServiceWorker component of the chromium browser before 75.0.3770.80.
Date Advisory Package Description
07 Jun 2019 ASA-201906-4 chromium multiple issues
References
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html