ArchLinux: 201910-7: chromium: multiple issues

    Date: 11 Oct 2019
    Posted By: LinuxSecurity Advisories
    Arch Linux Security Advisory ASA-201910-7
    =========================================
    
    Severity: High
    Date    : 2019-10-11
    CVE-ID  : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696
              CVE-2019-13697
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1043
    
    Summary
    =======
    
    The package chromium before version 77.0.3865.120-1 is vulnerable to
    multiple issues including arbitrary code execution and information
    disclosure.
    
    Resolution
    ==========
    
    Upgrade to 77.0.3865.120-1.
    
    # pacman -Syu "chromium>=77.0.3865.120-1"
    
    The problems have been fixed upstream in version 77.0.3865.120.
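
To confirm the upgrade across several machines, the following added example (not part of the Arch advisory) flags hosts whose chromium package is older than the fixed version 77.0.3865.120-1. The "host version" inventory format, the function names and the sample data are assumptions made for illustration; `vercmp` from pacman is used when present, with a numeric-only awk fallback that ignores epochs and non-numeric version parts.

```shell
#!/bin/sh
# Added example: audit an inventory of chromium package versions against
# ASA-201910-7. Inventory format ("host version") is an assumption.

FIXED="77.0.3865.120-1"   # fixed package version stated in the advisory

# ver_lt A B: succeed (exit 0) only if version A is older than version B.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        # pacman's own comparator prints a negative number when A < B
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Fallback (approximation): compare dot/dash separated numeric fields
        awk -v a="$1" -v b="$2" 'BEGIN {
            n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
            for (i = 1; i <= (n > m ? n : m); i++) {
                if (x[i] + 0 < y[i] + 0) exit 0
                if (x[i] + 0 > y[i] + 0) exit 1
            }
            exit 1   # equal versions are not "older"
        }'
    fi
}

# Read "host version" lines on stdin; print hosts still below the fix.
vulnerable_hosts() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample inventory, e.g. collected with `pacman -Q chromium`.
sample_inventory() {
    cat <<'EOF'
web01 77.0.3865.90-1
web02 77.0.3865.120-1
dev03 76.0.3809.132-1
dev04 78.0.3904.70-1
EOF
}

sample_inventory | vulnerable_hosts
```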
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-13693 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the IndexedDB
    component of the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13694 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the WebRTC component
    of the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13695 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the audio component of
    the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13696 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the V8 component of
    the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13697 (information disclosure)
    
    A cross-origin size leak vulnerability has been found in the chromium
    browser before 77.0.3865.120.
    
    Impact
    ======
    
    A remote attacker can access sensitive information or execute arbitrary
    code on the affected host.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html
    https://crbug.com/1005753
    https://crbug.com/1005251
    https://crbug.com/1004730
    https://crbug.com/1000635
    https://crbug.com/990849
    https://security.archlinux.org/CVE-2019-13693
    https://security.archlinux.org/CVE-2019-13694
    https://security.archlinux.org/CVE-2019-13695
    https://security.archlinux.org/CVE-2019-13696
    https://security.archlinux.org/CVE-2019-13697
    