DebianDEBIAN:DSA-4395-1:E48C1[SECURITY] [DSA 4395-1] chromium security update
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.123 Low
EPSS
Percentile
95.3%
Debian Security Advisory DSA-4395-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
February 18, 2019 https://www.debian.org/security/faq
Package : chromium
CVE ID : CVE-2018-17481 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760
CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
CVE-2019-5770 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778
CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782
CVE-2019-5783 CVE-2019-5784
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2018-17481
A use-after-free issue was discovered in the pdfium library.
CVE-2019-5754
Klzgrad discovered an error in the QUIC networking implementation.
CVE-2019-5755
Jay Bosamiya discovered an implementation error in the v8 javascript
library.
CVE-2019-5756
A use-after-free issue was discovered in the pdfium library.
CVE-2019-5757
Alexandru Pitis discovered a type confusion error in the SVG image
format implementation.
CVE-2019-5758
Zhe Jin discovered a use-after-free issue in blink/webkit.
CVE-2019-5759
Almog Benin discovered a use-after-free issue when handling HTML pages
containing select elements.
CVE-2019-5760
Zhe Jin discovered a use-after-free issue in the WebRTC implementation.
CVE-2019-5762
A use-after-free issue was discovered in the pdfium library.
CVE-2019-5763
Guang Gon discovered an input validation error in the v8 javascript
library.
CVE-2019-5764
Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.
CVE-2019-5765
Sergey Toshin discovered a policy enforcement error.
CVE-2019-5766
David Erceg discovered a policy enforcement error.
CVE-2019-5767
Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error
in the WebAPKs user interface.
CVE-2019-5768
Rob Wu discovered a policy enforcement error in the developer tools.
CVE-2019-5769
Guy Eshel discovered an input validation error in blink/webkit.
CVE-2019-5770
hemidallt discovered a buffer overflow issue in the WebGL implementation.
CVE-2019-5772
Zhen Zhou discovered a use-after-free issue in the pdfium library.
CVE-2019-5773
Yongke Wong discovered an input validation error in the IndexDB
implementation.
CVE-2019-5774
Jnghwan Kang and Juno Im discovered an input validation error in the
SafeBrowsing implementation.
CVE-2019-5775
evil1m0 discovered a policy enforcement error.
CVE-2019-5776
Lnyas Zhang discovered a policy enforcement error.
CVE-2019-5777
Khalil Zhani discovered a policy enforcement error.
CVE-2019-5778
David Erceg discovered a policy enforcement error in the Extensions
implementation.
CVE-2019-5779
David Erceg discovered a policy enforcement error in the ServiceWorker
implementation.
CVE-2019-5780
Andreas Hegenberg discovered a policy enforcement error.
CVE-2019-5781
evil1m0 discovered a policy enforcement error.
CVE-2019-5782
Qixun Zhao discovered an implementation error in the v8 javascript library.
CVE-2019-5783
Shintaro Kobori discovered an input validation error in the developer
tools.
CVE-2019-5784
Lucas Pinheiro discovered an implementation error in the v8 javascript
library.
For the stable distribution (stretch), these problems have been fixed in
version 72.0.3626.96-1~deb9u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | arm64 | chromium | < 72.0.3626.96-1~deb9u1 | chromium_72.0.3626.96-1~deb9u1_arm64.deb |
| Debian | 9 | i386 | chromium-shell-dbgsym | < 72.0.3626.96-1~deb9u1 | chromium-shell-dbgsym_72.0.3626.96-1~deb9u1_i386.deb |
| Debian | 9 | i386 | chromium-shell | < 72.0.3626.96-1~deb9u1 | chromium-shell_72.0.3626.96-1~deb9u1_i386.deb |
| Debian | 9 | i386 | chromium-driver-dbgsym | < 72.0.3626.96-1~deb9u1 | chromium-driver-dbgsym_72.0.3626.96-1~deb9u1_i386.deb |
| Debian | 9 | armhf | chromedriver | < 72.0.3626.96-1~deb9u1 | chromedriver_72.0.3626.96-1~deb9u1_armhf.deb |
| Debian | 9 | armhf | chromium-driver | < 72.0.3626.96-1~deb9u1 | chromium-driver_72.0.3626.96-1~deb9u1_armhf.deb |
| Debian | 9 | all | chromium | < 72.0.3626.96-1~deb9u1 | chromium_72.0.3626.96-1~deb9u1_all.deb |
| Debian | 9 | i386 | chromium-driver | < 72.0.3626.96-1~deb9u1 | chromium-driver_72.0.3626.96-1~deb9u1_i386.deb |
| Debian | 9 | amd64 | chromium | < 72.0.3626.96-1~deb9u1 | chromium_72.0.3626.96-1~deb9u1_amd64.deb |
| Debian | 9 | amd64 | chromedriver | < 72.0.3626.96-1~deb9u1 | chromedriver_72.0.3626.96-1~deb9u1_amd64.deb |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.123 Low
EPSS
Percentile
95.3%