ArchLinux: 201908-6: chromium: arbitrary code execution

    Date: 12 Aug 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package chromium before version 76.0.3809.100-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201908-6
    =========================================
    
    Severity: High
    Date    : 2019-08-10
    CVE-ID  : CVE-2019-5867 CVE-2019-5868
    Package : chromium
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1018
    
    Summary
    =======
    
    The package chromium before version 76.0.3809.100-1 is vulnerable to
    arbitrary code execution.
    
    Resolution
    ==========
    
    Upgrade to 76.0.3809.100-1.
    
    # pacman -Syu "chromium>=76.0.3809.100-1"
    
    The problems have been fixed upstream in version 76.0.3809.100.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-5867 (arbitrary code execution)
    
    An out-of-bounds read has been found in the V8 component of the
    chromium browser before 76.0.3809.100.
    
    - CVE-2019-5868 (arbitrary code execution)
    
    A use-after-free issue has been found in PDFium's ExecuteFieldAction,
    in the chromium browser before 76.0.3809.100.
    
    Impact
    ======
    
    A remote attacker can execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html
    https://crbug.com/984344
    https://crbug.com/983867
    https://security.archlinux.org/CVE-2019-5867
    https://security.archlinux.org/CVE-2019-5868
    
    