[ASA-201906-11] chromium: arbitrary code execution

Remi Gacogne rgacogne at archlinux.org
Fri Jun 14 15:10:53 UTC 2019


Arch Linux Security Advisory ASA-201906-11
==========================================

Severity: High
Date    : 2019-06-14
CVE-ID  : CVE-2019-5842
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-981

Summary
=======

The package chromium before version 75.0.3770.90-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 75.0.3770.90-1.

# pacman -Syu "chromium>=75.0.3770.90-1"

The problem has been fixed upstream in version 75.0.3770.90.

Workaround
==========

None.

Description
===========

A use-after-free vulnerability has been found in the Blink component of
the chromium browser before 75.0.3770.90.

Impact
======

A remote attacker might be able to execute arbitrary code on the
affected host.

References
==========

https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html
https://crbug.com/961413
https://security.archlinux.org/CVE-2019-5842

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20190614/8654cc13/attachment.sig>


More information about the arch-security mailing list