8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.328 Low
EPSS
Percentile
97.0%
Severity: High
Date : 2019-03-13
CVE-ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-923
The package chromium before version 73.0.3683.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing and information disclosure.
Upgrade to 73.0.3683.75-1.
The problems have been fixed upstream in version 73.0.3683.75.
None.
A use-after-free issue has been found in the Canvas component of the
chromium browser before 73.0.3683.75.
A use-after-free issue has been found in the FileAPI component of the
chromium browser before 73.0.3683.75.
A use-after-free issue has been found in the WebMIDI component of the
chromium browser before 73.0.3683.75.
A heap-based buffer overflow has been found in the V8 component of the
chromium browser before 73.0.3683.75.
A type confusion issue has been found in the V8 component of the
chromium browser before 73.0.3683.75.
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
An excessive permissions for private API issue has been found in the
Extensions component of the chromium browser before 73.0.3683.75.
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
A race condition has been found in the Extensions component of the
chromium browser before 73.0.3683.75.
A race condition has been found in the DOMStorage component of the
chromium browser before 73.0.3683.75.
An out-of-bounds read has been found in the Skia component of the
chromium browser before 73.0.3683.75.
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
A CSP bypass issue with Javascript URLs has been found in the chromium
browser before 73.0.3683.75.
A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code via crafted web content.
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
https://bugs.chromium.org/p/chromium/issues/detail?id=913964
https://bugs.chromium.org/p/chromium/issues/detail?id=925864
https://bugs.chromium.org/p/chromium/issues/detail?id=921581
https://bugs.chromium.org/p/chromium/issues/detail?id=914736
https://bugs.chromium.org/p/chromium/issues/detail?id=926651
https://bugs.chromium.org/p/chromium/issues/detail?id=914983
https://bugs.chromium.org/p/chromium/issues/detail?id=937487
https://bugs.chromium.org/p/chromium/issues/detail?id=935175
https://bugs.chromium.org/p/chromium/issues/detail?id=919643
https://bugs.chromium.org/p/chromium/issues/detail?id=918861
https://bugs.chromium.org/p/chromium/issues/detail?id=916523
https://bugs.chromium.org/p/chromium/issues/detail?id=883596
https://bugs.chromium.org/p/chromium/issues/detail?id=905301
https://bugs.chromium.org/p/chromium/issues/detail?id=894228
https://bugs.chromium.org/p/chromium/issues/detail?id=632514
https://bugs.chromium.org/p/chromium/issues/detail?id=909865
https://security.archlinux.org/CVE-2019-5787
https://security.archlinux.org/CVE-2019-5788
https://security.archlinux.org/CVE-2019-5789
https://security.archlinux.org/CVE-2019-5790
https://security.archlinux.org/CVE-2019-5791
https://security.archlinux.org/CVE-2019-5792
https://security.archlinux.org/CVE-2019-5793
https://security.archlinux.org/CVE-2019-5794
https://security.archlinux.org/CVE-2019-5795
https://security.archlinux.org/CVE-2019-5796
https://security.archlinux.org/CVE-2019-5797
https://security.archlinux.org/CVE-2019-5798
https://security.archlinux.org/CVE-2019-5799
https://security.archlinux.org/CVE-2019-5800
https://security.archlinux.org/CVE-2019-5802
https://security.archlinux.org/CVE-2019-5803
bugs.chromium.org/p/chromium/issues/detail?id=632514
bugs.chromium.org/p/chromium/issues/detail?id=883596
bugs.chromium.org/p/chromium/issues/detail?id=894228
bugs.chromium.org/p/chromium/issues/detail?id=905301
bugs.chromium.org/p/chromium/issues/detail?id=909865
bugs.chromium.org/p/chromium/issues/detail?id=913964
bugs.chromium.org/p/chromium/issues/detail?id=914736
bugs.chromium.org/p/chromium/issues/detail?id=914983
bugs.chromium.org/p/chromium/issues/detail?id=916523
bugs.chromium.org/p/chromium/issues/detail?id=918861
bugs.chromium.org/p/chromium/issues/detail?id=919643
bugs.chromium.org/p/chromium/issues/detail?id=921581
bugs.chromium.org/p/chromium/issues/detail?id=925864
bugs.chromium.org/p/chromium/issues/detail?id=926651
bugs.chromium.org/p/chromium/issues/detail?id=935175
bugs.chromium.org/p/chromium/issues/detail?id=937487
chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
security.archlinux.org/AVG-923
security.archlinux.org/CVE-2019-5787
security.archlinux.org/CVE-2019-5788
security.archlinux.org/CVE-2019-5789
security.archlinux.org/CVE-2019-5790
security.archlinux.org/CVE-2019-5791
security.archlinux.org/CVE-2019-5792
security.archlinux.org/CVE-2019-5793
security.archlinux.org/CVE-2019-5794
security.archlinux.org/CVE-2019-5795
security.archlinux.org/CVE-2019-5796
security.archlinux.org/CVE-2019-5797
security.archlinux.org/CVE-2019-5798
security.archlinux.org/CVE-2019-5799
security.archlinux.org/CVE-2019-5800
security.archlinux.org/CVE-2019-5802
security.archlinux.org/CVE-2019-5803
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.328 Low
EPSS
Percentile
97.0%