9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.149 Low
EPSS
Percentile
95.7%
Severity: Critical
Date : 2019-02-11
CVE-ID : CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757
CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761
CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773
CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777
CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781
CVE-2019-5782 CVE-2019-5783
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-861
The package chromium before version 72.0.3626.81-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing and insufficient validation.
Upgrade to 72.0.3626.81-1.
The problems have been fixed upstream in version 72.0.3626.81.
None.
A security issue has been found in the QUIC implementation of the
chromium browser before 72.0.3626.81.
A security issue has been found in the V8 implementation of the
chromium browser before 72.0.3626.81.
A use after free issue has been found in the PDFium component of the
chromium browser before 72.0.3626.81.
A type confusion issue has been found in the SVG implementation in the
chromium browser before 72.0.3626.81.
A use after free issue has been found in the blink component of the
chromium browser before 72.0.3626.81.
A use after free issue has been found in the HTML select elements
component of the chromium browser before 72.0.3626.81.
A use after free issue has been found in the WebRTC implementation in
the chromium browser before 72.0.3626.81.
A use after free issue has been found in the SwiftShader component of
the chromium browser before 72.0.3626.81.
A use after free issue has been found in the PDFium component of the
chromium browser before 72.0.3626.81.
A security issue has been found in the V8 implementation of the
chromium browser before 72.0.3626.81.
A use-after-free vulnerability has been found in the WebRTC component
of the chromium browser before 72.0.3626.81.
An insufficient policy enforcement issue has been found in the chromium
browser before 72.0.3626.81.
An insufficient policy enforcement issue has been found in the Canvas
component of the chromium browser before 72.0.3626.81.
An incorrect security UI issue has been found in the WebAPKs component
of the chromium browser before 72.0.3626.81.
An insufficient policy enforcement issue has been found in the DevTools
component of the chromium browser before 72.0.3626.81.
An insufficient validation of untrusted input issue has been found in
the Blink component of the chromium browser before 72.0.3626.81.
A heap-based buffer overflow vulnerability has been found in the WebGL
component of the chromium browser before 72.0.3626.81.
A heap-based buffer overflow vulnerability has been found in the
SwiftShader component of the chromium browser before 72.0.3626.81.
A use-after-free vulnerability has been found in the PDFium component
of the chromium browser before 72.0.3626.81.
An insufficient data validation issue has been found in the IndexedDB
component of the chromium browser before 72.0.3626.81.
An insufficient validation of untrusted input issue has been found in
the SafeBrowsing component of the chromium browser before 72.0.3626.81.
An insufficient policy enforcement issue has been found in the OmniBox
component of the chromium browser before 72.0.3626.81, allowing IDN URL
spoofing.
An insufficient policy enforcement issue has been found in the OmniBox
component of the chromium browser before 72.0.3626.81, allowing IDN URL
spoofing.
An insufficient policy enforcement issue has been found in the OmniBox
component of the chromium browser before 72.0.3626.81, allowing IDN URL
spoofing.
An insufficient policy enforcement issue has been found in the
Extensions component of the chromium browser before 72.0.3626.81.
An insufficient policy enforcement issue has been found in the
ServiceWorker component of the chromium browser before 72.0.3626.81.
A security issue has been found in the chromium browser before
72.0.3626.81 leading to Insufficient policy enforcement.
A security issue has been found in the Omnibox implementation of the
chromium browser before 72.0.3626.81.
A security issue has been found in the V8 implementation of the
chromium browser before 72.0.3626.81.
An insufficient validation of untrusted input issue has been found in
the DevTools component of the chromium browser before 72.0.3626.81.
A remote attacker can spoof the URL in the address bar, bypass security
policies or execute arbitrary code.
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=914497
https://bugs.chromium.org/p/chromium/issues/detail?id=913296
https://bugs.chromium.org/p/chromium/issues/detail?id=895152
https://bugs.chromium.org/p/chromium/issues/detail?id=915469
https://bugs.chromium.org/p/chromium/issues/detail?id=913970
https://bugs.chromium.org/p/chromium/issues/detail?id=912211
https://bugs.chromium.org/p/chromium/issues/detail?id=912074
https://bugs.chromium.org/p/chromium/issues/detail?id=904714
https://bugs.chromium.org/p/chromium/issues/detail?id=900552
https://bugs.chromium.org/p/chromium/issues/detail?id=914731
https://bugs.chromium.org/p/chromium/issues/detail?id=913246
https://bugs.chromium.org/p/chromium/issues/detail?id=922627
https://bugs.chromium.org/p/chromium/issues/detail?id=907047
https://bugs.chromium.org/p/chromium/issues/detail?id=902427
https://bugs.chromium.org/p/chromium/issues/detail?id=805557
https://bugs.chromium.org/p/chromium/issues/detail?id=913975
https://bugs.chromium.org/p/chromium/issues/detail?id=908749
https://bugs.chromium.org/p/chromium/issues/detail?id=904265
https://bugs.chromium.org/p/chromium/issues/detail?id=908292
https://bugs.chromium.org/p/chromium/issues/detail?id=917668
https://bugs.chromium.org/p/chromium/issues/detail?id=904182
https://bugs.chromium.org/p/chromium/issues/detail?id=896722
https://bugs.chromium.org/p/chromium/issues/detail?id=863663
https://bugs.chromium.org/p/chromium/issues/detail?id=849421
https://bugs.chromium.org/p/chromium/issues/detail?id=918470
https://bugs.chromium.org/p/chromium/issues/detail?id=891697
https://bugs.chromium.org/p/chromium/issues/detail?id=896725
https://bugs.chromium.org/p/chromium/issues/detail?id=906043
https://bugs.chromium.org/p/chromium/issues/detail?id=895081
https://security.archlinux.org/CVE-2019-5754
https://security.archlinux.org/CVE-2019-5755
https://security.archlinux.org/CVE-2019-5756
https://security.archlinux.org/CVE-2019-5757
https://security.archlinux.org/CVE-2019-5758
https://security.archlinux.org/CVE-2019-5759
https://security.archlinux.org/CVE-2019-5760
https://security.archlinux.org/CVE-2019-5761
https://security.archlinux.org/CVE-2019-5762
https://security.archlinux.org/CVE-2019-5763
https://security.archlinux.org/CVE-2019-5764
https://security.archlinux.org/CVE-2019-5765
https://security.archlinux.org/CVE-2019-5766
https://security.archlinux.org/CVE-2019-5767
https://security.archlinux.org/CVE-2019-5768
https://security.archlinux.org/CVE-2019-5769
https://security.archlinux.org/CVE-2019-5770
https://security.archlinux.org/CVE-2019-5771
https://security.archlinux.org/CVE-2019-5772
https://security.archlinux.org/CVE-2019-5773
https://security.archlinux.org/CVE-2019-5774
https://security.archlinux.org/CVE-2019-5775
https://security.archlinux.org/CVE-2019-5776
https://security.archlinux.org/CVE-2019-5777
https://security.archlinux.org/CVE-2019-5778
https://security.archlinux.org/CVE-2019-5779
https://security.archlinux.org/CVE-2019-5780
https://security.archlinux.org/CVE-2019-5781
https://security.archlinux.org/CVE-2019-5782
https://security.archlinux.org/CVE-2019-5783
bugs.chromium.org/p/chromium/issues/detail?id=805557
bugs.chromium.org/p/chromium/issues/detail?id=849421
bugs.chromium.org/p/chromium/issues/detail?id=863663
bugs.chromium.org/p/chromium/issues/detail?id=891697
bugs.chromium.org/p/chromium/issues/detail?id=895081
bugs.chromium.org/p/chromium/issues/detail?id=895152
bugs.chromium.org/p/chromium/issues/detail?id=896722
bugs.chromium.org/p/chromium/issues/detail?id=896725
bugs.chromium.org/p/chromium/issues/detail?id=900552
bugs.chromium.org/p/chromium/issues/detail?id=902427
bugs.chromium.org/p/chromium/issues/detail?id=904182
bugs.chromium.org/p/chromium/issues/detail?id=904265
bugs.chromium.org/p/chromium/issues/detail?id=904714
bugs.chromium.org/p/chromium/issues/detail?id=906043
bugs.chromium.org/p/chromium/issues/detail?id=907047
bugs.chromium.org/p/chromium/issues/detail?id=908292
bugs.chromium.org/p/chromium/issues/detail?id=908749
bugs.chromium.org/p/chromium/issues/detail?id=912074
bugs.chromium.org/p/chromium/issues/detail?id=912211
bugs.chromium.org/p/chromium/issues/detail?id=913246
bugs.chromium.org/p/chromium/issues/detail?id=913296
bugs.chromium.org/p/chromium/issues/detail?id=913970
bugs.chromium.org/p/chromium/issues/detail?id=913975
bugs.chromium.org/p/chromium/issues/detail?id=914497
bugs.chromium.org/p/chromium/issues/detail?id=914731
bugs.chromium.org/p/chromium/issues/detail?id=915469
bugs.chromium.org/p/chromium/issues/detail?id=917668
bugs.chromium.org/p/chromium/issues/detail?id=918470
bugs.chromium.org/p/chromium/issues/detail?id=922627
chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
security.archlinux.org/AVG-861
security.archlinux.org/CVE-2019-5754
security.archlinux.org/CVE-2019-5755
security.archlinux.org/CVE-2019-5756
security.archlinux.org/CVE-2019-5757
security.archlinux.org/CVE-2019-5758
security.archlinux.org/CVE-2019-5759
security.archlinux.org/CVE-2019-5760
security.archlinux.org/CVE-2019-5761
security.archlinux.org/CVE-2019-5762
security.archlinux.org/CVE-2019-5763
security.archlinux.org/CVE-2019-5764
security.archlinux.org/CVE-2019-5765
security.archlinux.org/CVE-2019-5766
security.archlinux.org/CVE-2019-5767
security.archlinux.org/CVE-2019-5768
security.archlinux.org/CVE-2019-5769
security.archlinux.org/CVE-2019-5770
security.archlinux.org/CVE-2019-5771
security.archlinux.org/CVE-2019-5772
security.archlinux.org/CVE-2019-5773
security.archlinux.org/CVE-2019-5774
security.archlinux.org/CVE-2019-5775
security.archlinux.org/CVE-2019-5776
security.archlinux.org/CVE-2019-5777
security.archlinux.org/CVE-2019-5778
security.archlinux.org/CVE-2019-5779
security.archlinux.org/CVE-2019-5780
security.archlinux.org/CVE-2019-5781
security.archlinux.org/CVE-2019-5782
security.archlinux.org/CVE-2019-5783
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.149 Low
EPSS
Percentile
95.7%