[ASA-201908-6] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-201908-6
=========================================

Severity: High
Date    : 2019-08-10
CVE-ID  : CVE-2019-5867 CVE-2019-5868
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1018

Summary
=======

The package chromium before version 76.0.3809.100-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 76.0.3809.100-1.

# pacman -Syu "chromium>=76.0.3809.100-1"

The problems have been fixed upstream in version 76.0.3809.100.

Workaround
==========

None.

Description
===========

- CVE-2019-5867 (arbitrary code execution)

An out-of-bounds read has been found in the V8 component of the
chromium browser before 76.0.3809.100.

- CVE-2019-5868 (arbitrary code execution)

A use-after-free issue has been found in PDFium's ExecuteFieldAction,
in the chromium browser before 76.0.3809.100.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desk...
https://crbug.com/984344
https://crbug.com/983867
https://security.archlinux.org/CVE-2019-5867
https://security.archlinux.org/CVE-2019-5868

Remi Gacogne