ArchLinux: 201903-1 High: Chromium Arbitrary Code Execution Advisory
Mar 03, 2019
•
LinuxSecurity Advisories
1 min read
The package chromium before version 72.0.3626.121-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201903-1 ======================================== Severity: High Date : 2019-03-02 CVE-ID : CVE-2019-5786 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-916 Summary ====== The package chromium before version 72.0.3626.121-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 72.0.3626.121-1. # pacman -Syu "chromium>=72.0.3626.121-1" The problem has been fixed upstream in version 72.0.3626.121. Workaround ========= None. Description ========== A use-after-free issue has been found in the FileReader component of the chromium browser before 72.0.3626.121. Impact ===== A remote attacker can execute arbitrary code via a crafted file. References ========= https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail?id=936448 https://security.archlinux.org/CVE-2019-5786
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!