[ASA-201903-8] chromium: multiple issues

Wed Mar 13 18:39:18 UTC 2019

Arch Linux Security Advisory ASA-201903-8
=========================================

Severity: High
Date    : 2019-03-13
CVE-ID  : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
          CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
          CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
          CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-923

Summary
=======

The package chromium before version 73.0.3683.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing and information disclosure.

Resolution
==========

Upgrade to 73.0.3683.75-1.

# pacman -Syu "chromium>=73.0.3683.75-1"

The problems have been fixed upstream in version 73.0.3683.75.

Workaround
==========

None.

Description
===========

- CVE-2019-5787 (arbitrary code execution)

A use-after-free issue has been found in the Canvas component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5788 (arbitrary code execution)

A use-after-free issue has been found in the FileAPI component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5789 (arbitrary code execution)

A use-after-free issue has been found in the WebMIDI component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5790 (arbitrary code execution)

A heap-based buffer overflow has been found in the V8 component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5791 (arbitrary code execution)

A type confusion issue has been found in the V8 component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5792 (arbitrary code execution)

An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5793 (access restriction bypass)

An excessive permissions for private API issue has been found in the
Extensions component of the chromium browser before 73.0.3683.75.

- CVE-2019-5794 (content spoofing)

A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.

- CVE-2019-5795 (arbitrary code execution)

An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5796 (arbitrary code execution)

A race condition has been found in the Extensions component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5797 (arbitrary code execution)

A race condition has been found in the DOMStorage component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5798 (information disclosure)

An out-of-bounds read has been found in the Skia component of the
chromium browser before 73.0.3683.75.

- CVE-2019-5799 (access restriction bypass)

A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.

- CVE-2019-5800 (access restriction bypass)

A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.

- CVE-2019-5802 (content spoofing)

A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.

- CVE-2019-5803 (access restriction bypass)

A CSP bypass issue with Javascript URLs has been found in the chromium
browser before 73.0.3683.75.

Impact
======

A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code via crafted web content.

References
==========

https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
https://bugs.chromium.org/p/chromium/issues/detail?id=913964
https://bugs.chromium.org/p/chromium/issues/detail?id=925864
https://bugs.chromium.org/p/chromium/issues/detail?id=921581
https://bugs.chromium.org/p/chromium/issues/detail?id=914736
https://bugs.chromium.org/p/chromium/issues/detail?id=926651
https://bugs.chromium.org/p/chromium/issues/detail?id=914983
https://bugs.chromium.org/p/chromium/issues/detail?id=937487
https://bugs.chromium.org/p/chromium/issues/detail?id=935175
https://bugs.chromium.org/p/chromium/issues/detail?id=919643
https://bugs.chromium.org/p/chromium/issues/detail?id=918861
https://bugs.chromium.org/p/chromium/issues/detail?id=916523
https://bugs.chromium.org/p/chromium/issues/detail?id=883596
https://bugs.chromium.org/p/chromium/issues/detail?id=905301
https://bugs.chromium.org/p/chromium/issues/detail?id=894228
https://bugs.chromium.org/p/chromium/issues/detail?id=632514
https://bugs.chromium.org/p/chromium/issues/detail?id=909865
https://security.archlinux.org/CVE-2019-5787
https://security.archlinux.org/CVE-2019-5788
https://security.archlinux.org/CVE-2019-5789
https://security.archlinux.org/CVE-2019-5790
https://security.archlinux.org/CVE-2019-5791
https://security.archlinux.org/CVE-2019-5792
https://security.archlinux.org/CVE-2019-5793
https://security.archlinux.org/CVE-2019-5794
https://security.archlinux.org/CVE-2019-5795
https://security.archlinux.org/CVE-2019-5796
https://security.archlinux.org/CVE-2019-5797
https://security.archlinux.org/CVE-2019-5798
https://security.archlinux.org/CVE-2019-5799
https://security.archlinux.org/CVE-2019-5800
https://security.archlinux.org/CVE-2019-5802
https://security.archlinux.org/CVE-2019-5803

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20190313/30341eeb/attachment.sig>