ArchLinux: 201903-8: chromium: multiple issues
Summary
- CVE-2019-5787 (arbitrary code execution)
A use-after-free issue has been found in the Canvas component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5788 (arbitrary code execution)
A use-after-free issue has been found in the FileAPI component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5789 (arbitrary code execution)
A use-after-free issue has been found in the WebMIDI component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5790 (arbitrary code execution)
A heap-based buffer overflow has been found in the V8 component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5791 (arbitrary code execution)
A type confusion issue has been found in the V8 component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5792 (arbitrary code execution)
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5793 (access restriction bypass)
An excessive permissions for private API issue has been found in the
Extensions component of the chromium browser before 73.0.3683.75.
- CVE-2019-5794 (content spoofing)
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
- CVE-2019-5795 (arbitrary code execution)
An integer overflow issue has been found in the PDFium component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5796 (arbitrary code execution)
A race condition has been found in the Extensions component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5797 (arbitrary code execution)
A race condition has been found in the DOMStorage component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5798 (information disclosure)
An out-of-bounds read has been found in the Skia component of the
chromium browser before 73.0.3683.75.
- CVE-2019-5799 (access restriction bypass)
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
- CVE-2019-5800 (access restriction bypass)
A CSP bypass issue with blob URLs has been found in the chromium
browser before 73.0.3683.75.
- CVE-2019-5802 (content spoofing)
A UI spoofing issue has been found in the chromium browser before
73.0.3683.75.
- CVE-2019-5803 (access restriction bypass)
A CSP bypass issue with Javascript URLs has been found in the chromium
browser before 73.0.3683.75.
Resolution
Upgrade to 73.0.3683.75-1.
# pacman -Syu "chromium>=73.0.3683.75-1"
The problems have been fixed upstream in version 73.0.3683.75.
References
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://bugs.chromium.org/p/chromium/issues/detail?id=913964 https://bugs.chromium.org/p/chromium/issues/detail?id=925864 https://bugs.chromium.org/p/chromium/issues/detail?id=921581 https://bugs.chromium.org/p/chromium/issues/detail?id=914736 https://bugs.chromium.org/p/chromium/issues/detail?id=926651 https://bugs.chromium.org/p/chromium/issues/detail?id=914983 https://bugs.chromium.org/p/chromium/issues/detail?id=937487 https://bugs.chromium.org/p/chromium/issues/detail?id=935175 https://bugs.chromium.org/p/chromium/issues/detail?id=919643 https://bugs.chromium.org/p/chromium/issues/detail?id=918861 https://bugs.chromium.org/p/chromium/issues/detail?id=916523 https://bugs.chromium.org/p/chromium/issues/detail?id=883596 https://bugs.chromium.org/p/chromium/issues/detail?id=905301 https://bugs.chromium.org/p/chromium/issues/detail?id=894228 https://bugs.chromium.org/p/chromium/issues/detail?id=632514 https://bugs.chromium.org/p/chromium/issues/detail?id=909865 https://security.archlinux.org/CVE-2019-5787 https://security.archlinux.org/CVE-2019-5788 https://security.archlinux.org/CVE-2019-5789 https://security.archlinux.org/CVE-2019-5790 https://security.archlinux.org/CVE-2019-5791 https://security.archlinux.org/CVE-2019-5792 https://security.archlinux.org/CVE-2019-5793 https://security.archlinux.org/CVE-2019-5794 https://security.archlinux.org/CVE-2019-5795 https://security.archlinux.org/CVE-2019-5796 https://security.archlinux.org/CVE-2019-5797 https://security.archlinux.org/CVE-2019-5798 https://security.archlinux.org/CVE-2019-5799 https://security.archlinux.org/CVE-2019-5800 https://security.archlinux.org/CVE-2019-5802 https://security.archlinux.org/CVE-2019-5803
Workaround
None.