ArchLinux: 201910-17: chromium: multiple issues

    Date: 28 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package chromium before version 78.0.3904.70-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, access restriction bypass, authentication bypass, denial of service, information disclosure, privilege escalation and cross-site scripting.
    Arch Linux Security Advisory ASA-201910-17
    ==========================================
    
    Severity: High
    Date    : 2019-10-26
    CVE-ID  : CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702
              CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706
              CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710
              CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715
              CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719
              CVE-2019-15903
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1053
    
    Summary
    =======
    
    The package chromium before version 78.0.3904.70-1 is vulnerable to
    multiple issues including arbitrary code execution, content spoofing,
    access restriction bypass, authentication bypass, denial of service,
    information disclosure, privilege escalation and cross-site scripting.
    
    Resolution
    ==========
    
    Upgrade to 78.0.3904.70-1.
    
    # pacman -Syu "chromium>=78.0.3904.70-1"
    
    The problems have been fixed upstream in version 78.0.3904.70.
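    The following POSIX shell script is an added example, not part of the Arch advisory or of pacman: it takes the output line of `pacman -Q chromium` and reports whether the installed package is at or above the fixed version 78.0.3904.70-1. The version comparison is a simplified scheme assumed here (numeric pkgver fields split on `.`, then numeric pkgrel); Arch's real vercmp(8) also understands epochs and alphanumeric components, which this helper does not. When no pacman is present, the script runs against a constructed sample line instead.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether the installed chromium
# already carries the fix from ASA-201910-17.
# Assumption: simplified numeric version comparison, not Arch's full vercmp(8).

FIXED_VERSION="78.0.3904.70-1"   # from the advisory's Resolution section

# ver_ge A B -> exit 0 if A >= B (pkgver fields numerically, then pkgrel), else 1.
# A version without "-pkgrel" is treated as pkgrel 0.
ver_ge() {
    a_ver=${1%%-*}; a_rel=${1#*-}
    b_ver=${2%%-*}; b_rel=${2#*-}
    [ "$a_rel" = "$1" ] && a_rel=0
    [ "$b_rel" = "$2" ] && b_rel=0
    a_rest=$a_ver; b_rest=$b_ver
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        # peel one dotted field off each side; a missing field counts as 0
        a_f=${a_rest%%.*}
        [ "$a_f" = "$a_rest" ] && a_rest= || a_rest=${a_rest#*.}
        b_f=${b_rest%%.*}
        [ "$b_f" = "$b_rest" ] && b_rest= || b_rest=${b_rest#*.}
        a_f=${a_f:-0}; b_f=${b_f:-0}
        [ "$a_f" -gt "$b_f" ] && return 0
        [ "$a_f" -lt "$b_f" ] && return 1
    done
    [ "$a_rel" -ge "$b_rel" ]
}

# check_line "chromium <version>" -> prints a verdict; exit 0 if patched,
# 1 if vulnerable, 2 if the line is not a chromium package line.
check_line() {
    pkg=${1%% *}; ver=${1#* }
    if [ "$pkg" != "chromium" ]; then
        echo "unexpected package line: $1" >&2
        return 2
    fi
    if ver_ge "$ver" "$FIXED_VERSION"; then
        echo "chromium $ver: fixed (>= $FIXED_VERSION)"
        return 0
    fi
    echo "chromium $ver: VULNERABLE, run: pacman -Syu \"chromium>=$FIXED_VERSION\""
    return 1
}

# Live check on an Arch system; elsewhere use a constructed sample line.
if command -v pacman >/dev/null 2>&1; then
    if line=$(pacman -Q chromium 2>/dev/null); then
        check_line "$line" || :
    else
        echo "chromium is not installed; nothing to check"
    fi
else
    check_line "chromium 77.0.3865.120-1" || :   # constructed sample, not from the advisory
fi
```

    Running it on an Arch host prints one line per package state; the exit code of `check_line` (0 fixed, 1 vulnerable) makes it usable from a cron job or a configuration-management check that flags hosts still on a pre-78.0.3904.70-1 build.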
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-13699 (arbitrary code execution)
    
    A use-after-free issue has been found in the media component of
    chromium before 78.0.3904.70.
    
    - CVE-2019-13700 (arbitrary code execution)
    
    A buffer overrun issue has been found in the Blink component of
    chromium before 78.0.3904.70.
    
    - CVE-2019-13701 (content spoofing)
    
    A URL spoofing issue has been found in chromium before 78.0.3904.70.
    
    - CVE-2019-13702 (privilege escalation)
    
    A privilege escalation issue has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13703 (content spoofing)
    
    A URL bar spoofing issue has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13704 (access restriction bypass)
    
    A CSP bypass has been found in chromium before 78.0.3904.70.
    
    - CVE-2019-13705 (access restriction bypass)
    
    An extension permission bypass has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13706 (information disclosure)
    
    An out-of-bounds read has been found in the PDFium component of
    chromium before 78.0.3904.70.
    
    - CVE-2019-13707 (information disclosure)
    
    A file storage disclosure issue has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13708 (authentication bypass)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    HTTP authentication could be spoofed.
    
    - CVE-2019-13709 (access restriction bypass)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    the file download protection could be bypassed.
    
    - CVE-2019-13710 (access restriction bypass)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    the file download protection could be bypassed.
    
    - CVE-2019-13711 (information disclosure)
    
    A cross-context information leak has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13713 (information disclosure)
    
    A cross-origin data leak has been found in chromium before
    78.0.3904.70.
    
    - CVE-2019-13714 (cross-site scripting)
    
    A CSS injection has been found in chromium before 78.0.3904.70.
    
    - CVE-2019-13715 (content spoofing)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    the content of the address bar could be spoofed.
    
    - CVE-2019-13716 (denial of service)
    
    A security issue has been found in chromium before 78.0.3904.70 where a
    service worker could end up in an invalid state.
    
    - CVE-2019-13717 (content spoofing)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    notifications could be obscured.
    
    - CVE-2019-13718 (content spoofing)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    IDNs could be spoofed.
    
    - CVE-2019-13719 (content spoofing)
    
    A security issue has been found in chromium before 78.0.3904.70 where
    notifications could be obscured.
    
    - CVE-2019-15903 (denial of service)
    
    A security issue has been found in libexpat before 2.2.8, where crafted
    XML input could fool the parser into changing from DTD parsing to
    document parsing too early; a subsequent call to
    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted
    in a heap-based buffer over-read.
    
    Impact
    ======
    
    A remote attacker can crash chromium, spoof various parts of the user
    interface, bypass security measures, access sensitive information,
    elevate privileges or execute arbitrary code.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
    https://crbug.com/1001503
    https://crbug.com/998431
    https://crbug.com/998284
    https://crbug.com/991125
    https://crbug.com/992838
    https://crbug.com/1001283
    https://crbug.com/989078
    https://crbug.com/1001159
    https://crbug.com/859349
    https://crbug.com/931894
    https://crbug.com/1005218
    https://crbug.com/756825
    https://crbug.com/986063
    https://crbug.com/993288
    https://crbug.com/982812
    https://crbug.com/760855
    https://crbug.com/1005948
    https://crbug.com/839239
    https://crbug.com/866162
    https://crbug.com/927150
    https://crbug.com/1004341
    https://github.com/libexpat/libexpat/issues/317
    https://github.com/libexpat/libexpat/pull/318
    https://security.archlinux.org/CVE-2019-13699
    https://security.archlinux.org/CVE-2019-13700
    https://security.archlinux.org/CVE-2019-13701
    https://security.archlinux.org/CVE-2019-13702
    https://security.archlinux.org/CVE-2019-13703
    https://security.archlinux.org/CVE-2019-13704
    https://security.archlinux.org/CVE-2019-13705
    https://security.archlinux.org/CVE-2019-13706
    https://security.archlinux.org/CVE-2019-13707
    https://security.archlinux.org/CVE-2019-13708
    https://security.archlinux.org/CVE-2019-13709
    https://security.archlinux.org/CVE-2019-13710
    https://security.archlinux.org/CVE-2019-13711
    https://security.archlinux.org/CVE-2019-13713
    https://security.archlinux.org/CVE-2019-13714
    https://security.archlinux.org/CVE-2019-13715
    https://security.archlinux.org/CVE-2019-13716
    https://security.archlinux.org/CVE-2019-13717
    https://security.archlinux.org/CVE-2019-13718
    https://security.archlinux.org/CVE-2019-13719
    https://security.archlinux.org/CVE-2019-15903
    
    