Feeds

Actualités informatiques

DSA-4421 chromium

Debian Security Advisory

DSA-4421-1 chromium -- security update

Date Reported:
31 Mar 2019
Affected Packages:
chromium
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5802, CVE-2019-5803.
More information:

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2019-5787

    Zhe Jin discovered a use-after-free issue.

  • CVE-2019-5788

    Mark Brand discovered a use-after-free issue in the FileAPI implementation.

  • CVE-2019-5789

    Mark Brand discovered a use-after-free issue in the WebMIDI implementation.

  • CVE-2019-5790

    Dimitri Fourny discovered a buffer overflow issue in the v8 javascript library.

  • CVE-2019-5791

    Choongwoo Han discovered a type confusion issue in the v8 javascript library.

  • CVE-2019-5792

    pdknsk discovered an integer overflow issue in the pdfium library.

  • CVE-2019-5793

    Jun Kokatsu discovered a permissions issue in the Extensions implementation.

  • CVE-2019-5794

    Juno Im of Theori discovered a user interface spoofing issue.

  • CVE-2019-5795

    pdknsk discovered an integer overflow issue in the pdfium library.

  • CVE-2019-5796

    Mark Brand discovered a race condition in the Extensions implementation.

  • CVE-2019-5797

    Mark Brand discovered a race condition in the DOMStorage implementation.

  • CVE-2019-5798

    Tran Tien Hung discovered an out-of-bounds read issue in the skia library.

  • CVE-2019-5799

    sohalt discovered a way to bypass the Content Security Policy.

  • CVE-2019-5800

    Jun Kokatsu discovered a way to bypass the Content Security Policy.

  • CVE-2019-5802

    Ronni Skansing discovered a user interface spoofing issue.

  • CVE-2019-5803

    Andrew Comminos discovered a way to bypass the Content Security Policy.

For the stable distribution (stretch), these problems have been fixed in version 73.0.3683.75-1~deb9u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium