9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
57.0%
Severity: High
Date : 2019-08-02
CVE-ID : CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857
CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
CVE-2019-5862 CVE-2019-5864 CVE-2019-5865
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1013
The package chromium before version 76.0.3809.87-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, content spoofing, denial of service and insufficient
validation.
Upgrade to 76.0.3809.87-1.
The problems have been fixed upstream in version 76.0.3809.87.
None.
A use-after-free issue has been found in the offline page fetcher
component of Chromium before 76.0.3809.87.
A use-after-poison issue has been found in the offline audio context
component of Chromium before 76.0.3809.87.
An object leak issue has been found in the utility functions of
Chromium before 76.0.3809.87.
A memory corruption issue has been found in the regexp length checks of
Chromium before 76.0.3809.87.
An integer overflow issue has been found in the text rendering of the
PDFium component of Chromium before 76.0.3809.87.
An integer overflow issue has been found in the text rendering of the
PDFium component of Chromium before 76.0.3809.87.
An insufficient checks on filesystem: URI permissions issue has been
found in Chromium before 76.0.3809.87.
An issue has been found in Chromium before 76.0.3809.87 where the
comparison of -0 and null yields a crash.
An insufficient filtering of Open URL service parameters issue has been
found in Chromium before 76.0.3809.87.
An issue has been found in Chromium before 76.0.3809.87, where res:
URIs can load alternative browsers.
A use-after-free issue has been found in the PDFium component of
Chromium before 76.0.3809.87.
An issue has been found in Chromium before 76.0.3809.87, where click
location was incorrectly checked.
An issue with AppCache not being robust to compromised renderers has
been found in Chromium before 76.0.3809.87.
An insufficient port filtering in CORS for extensions issue has been
found in Chromium before 76.0.3809.87.
A site isolation bypass from a compromised renderer has been found in
Chromium before 76.0.3809.87.
A remote attacker can bypass security measures, cause a crash or
execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
https://crbug.com/977462
https://crbug.com/977107
https://crbug.com/976713
https://crbug.com/976627
https://crbug.com/966263
https://crbug.com/964872
https://crbug.com/964245
https://crbug.com/961237
https://crbug.com/960209
https://crbug.com/959438
https://crbug.com/956947
https://crbug.com/951525
https://crbug.com/946260
https://crbug.com/936900
https://crbug.com/973103
https://security.archlinux.org/CVE-2019-5850
https://security.archlinux.org/CVE-2019-5851
https://security.archlinux.org/CVE-2019-5852
https://security.archlinux.org/CVE-2019-5853
https://security.archlinux.org/CVE-2019-5854
https://security.archlinux.org/CVE-2019-5855
https://security.archlinux.org/CVE-2019-5856
https://security.archlinux.org/CVE-2019-5857
https://security.archlinux.org/CVE-2019-5858
https://security.archlinux.org/CVE-2019-5859
https://security.archlinux.org/CVE-2019-5860
https://security.archlinux.org/CVE-2019-5861
https://security.archlinux.org/CVE-2019-5862
https://security.archlinux.org/CVE-2019-5864
https://security.archlinux.org/CVE-2019-5865
chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
crbug.com/936900
crbug.com/946260
crbug.com/951525
crbug.com/956947
crbug.com/959438
crbug.com/960209
crbug.com/961237
crbug.com/964245
crbug.com/964872
crbug.com/966263
crbug.com/973103
crbug.com/976627
crbug.com/976713
crbug.com/977107
crbug.com/977462
security.archlinux.org/AVG-1013
security.archlinux.org/CVE-2019-5850
security.archlinux.org/CVE-2019-5851
security.archlinux.org/CVE-2019-5852
security.archlinux.org/CVE-2019-5853
security.archlinux.org/CVE-2019-5854
security.archlinux.org/CVE-2019-5855
security.archlinux.org/CVE-2019-5856
security.archlinux.org/CVE-2019-5857
security.archlinux.org/CVE-2019-5858
security.archlinux.org/CVE-2019-5859
security.archlinux.org/CVE-2019-5860
security.archlinux.org/CVE-2019-5861
security.archlinux.org/CVE-2019-5862
security.archlinux.org/CVE-2019-5864
security.archlinux.org/CVE-2019-5865
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
57.0%