
[SECURITY] [DSA 4500-1] chromium security update

2019-08-13 05:17:57
lists.debian.org

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

CVSS3: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

AI Score: 9.6 (Confidence: Low)

EPSS: 0.661 (Percentile: 98.0%)


Debian Security Advisory DSA-4500-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
August 12, 2019 https://www.debian.org/security/faq


Package : chromium
CVE ID : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813
CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823
CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831
CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840
CVE-2019-5842 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849
CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853
CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857
CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861
CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867
CVE-2019-5868

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5805

A use-after-free issue was discovered in the pdfium library.

CVE-2019-5806

Wen Xu discovered an integer overflow issue in the Angle library.

CVE-2019-5807

TimGMichaud discovered a memory corruption issue in the v8 javascript
library.

CVE-2019-5808

cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5809

Mark Brand discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5810

Mark Amery discovered an information disclosure issue.

CVE-2019-5811

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
feature.

CVE-2019-5813

Aleksandar Nikolic discovered an out-of-bounds read issue in the v8
javascript library.

CVE-2019-5814

@AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource
Sharing feature.

CVE-2019-5815

Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.

CVE-2019-5818

Adrian Tolbaru discovered an uninitialized value issue.

CVE-2019-5819

Svyat Mitin discovered an error in the developer tools.

CVE-2019-5820

pdknsk discovered an integer overflow issue in the pdfium library.

CVE-2019-5821

pdknsk discovered another integer overflow issue in the pdfium library.

CVE-2019-5822

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing
feature.

CVE-2019-5823

David Erceg discovered a navigation error.

CVE-2019-5824

leecraso and Guang Gong discovered an error in the media player.

CVE-2019-5825

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an
out-of-bounds write issue in the v8 javascript library.

CVE-2019-5826

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a
use-after-free issue.

CVE-2019-5827

mlfbrown discovered an out-of-bounds read issue in the sqlite library.

CVE-2019-5828

leecraso and Guang Gong discovered a use-after-free issue.

CVE-2019-5829

Lucas Pinheiro discovered a use-after-free issue.

CVE-2019-5830

Andrew Krashichkov discovered a credential error in the Cross-Origin
Resource Sharing feature.

CVE-2019-5831

yngwei discovered a map error in the v8 javascript library.

CVE-2019-5832

Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing
feature.

CVE-2019-5833

Khalil Zhani discovered a user interface error.

CVE-2019-5834

Khalil Zhani discovered a URL spoofing issue.

CVE-2019-5836

Omair discovered a buffer overflow issue in the Angle library.

CVE-2019-5837

Adam Iawniuk discovered an information disclosure issue.

CVE-2019-5838

David Erceg discovered an error in extension permissions.

CVE-2019-5839

Masato Kinugawa discovered implementation errors in Blink/Webkit.

CVE-2019-5840

Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

CVE-2019-5842

BUGFENSE discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5847

m3plex discovered an error in the v8 javascript library.

CVE-2019-5848

Mark Amery discovered an information disclosure issue.

CVE-2019-5849

Zhen Zhou discovered an out-of-bounds read in the Skia library.

CVE-2019-5850

Brendon Tiszka discovered a use-after-free issue in the offline page
fetcher.

CVE-2019-5851

Zhe Jin discovered a use-after-poison issue.

CVE-2019-5852

David Erceg discovered an information disclosure issue.

CVE-2019-5853

Yngwei and sakura discovered a memory corruption issue.

CVE-2019-5854

Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5855

Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5856

Yongke Wang discovered an error related to file system URL permissions.

CVE-2019-5857

cloudfuzzer discovered a way to crash chromium.

CVE-2019-5858

evil1m0 discovered an information disclosure issue.

CVE-2019-5859

James Lee discovered a way to launch alternative browsers.

CVE-2019-5860

A use-after-free issue was discovered in the v8 javascript library.

CVE-2019-5861

Robin Linus discovered an error determining click location.

CVE-2019-5862

Jun Kokatsu discovered an error in the AppCache implementation.

CVE-2019-5864

Devin Grindle discovered an error in the Cross-Origin Resource Sharing
feature for extensions.

CVE-2019-5865

Ivan Fratric discovered a way to bypass the site isolation feature.

CVE-2019-5867

Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript
library.

CVE-2019-5868

banananapenguin discovered a use-after-free issue in the v8 javascript
library.

For the stable distribution (buster), these problems have been fixed in
version 76.0.3809.100-1~deb10u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
