ArchLinux: 201910-7: chromium: multiple issues

    Date: 11 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package chromium before version 77.0.3865.120-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
    Arch Linux Security Advisory ASA-201910-7
    =========================================
    
    Severity: High
    Date    : 2019-10-11
    CVE-ID  : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696
              CVE-2019-13697
    Package : chromium
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1043
    
    Summary
    =======
    
    The package chromium before version 77.0.3865.120-1 is vulnerable to
    multiple issues including arbitrary code execution and information
    disclosure.
    
    Resolution
    ==========
    
    Upgrade to 77.0.3865.120-1.
    
    # pacman -Syu "chromium>=77.0.3865.120-1"
    
    The problems have been fixed upstream in version 77.0.3865.120.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-13693 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the IndexedDB
    component of the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13694 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the WebRTC component
    of the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13695 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the audio component of
    the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13696 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in the V8 component of
    the chromium browser before 77.0.3865.120.
    
    - CVE-2019-13697 (information disclosure)
    
    A cross-origin size leak vulnerability has been found in the chromium
    browser before 77.0.3865.120.
    
    Impact
    ======
    
    A remote attacker can access sensitive information or execute arbitrary
    code on the affected host.
    
    References
    ==========
    
    https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html
    https://crbug.com/1005753
    https://crbug.com/1005251
    https://crbug.com/1004730
    https://crbug.com/1000635
    https://crbug.com/990849
    https://security.archlinux.org/CVE-2019-13693
    https://security.archlinux.org/CVE-2019-13694
    https://security.archlinux.org/CVE-2019-13695
    https://security.archlinux.org/CVE-2019-13696
    https://security.archlinux.org/CVE-2019-13697
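
Added example (not part of the Arch advisory): a shell check that classifies a host against the fixed package version named under Resolution, given one line of `pacman -Q chromium` output. The function names and sample lines are assumptions made for illustration; the comparison prefers pacman's `vercmp` and otherwise falls back to a numeric field comparison that assumes chromium's four-part version with no epoch.

```shell
#!/bin/sh
# Added example for ASA-201910-7; not code from the advisory or from Arch Linux.
FIXED_VERSION="77.0.3865.120-1"   # first fixed chromium package, per the advisory

# version_lt A B: exit 0 when package version A is strictly older than B.
# Uses pacman's vercmp when it is installed. The awk fallback compares the
# dot/dash separated fields numerically (assumption: four-part upstream
# version plus pkgrel, no epoch, no alphabetic suffixes).
version_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        awk -v a="$1" -v b="$2" 'BEGIN {
            na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                if (x[i] + 0 < y[i] + 0) exit 0
                if (x[i] + 0 > y[i] + 0) exit 1
            }
            exit 1   # equal versions are not "older"
        }'
    fi
}

# chromium_status LINE: classify one "name version" line as printed by
# `pacman -Q chromium`. Prints: not-installed | vulnerable | fixed
chromium_status() {
    set -- $1                      # split the line into name ($1) and version ($2)
    if [ "${1:-}" != "chromium" ] || [ -z "${2:-}" ]; then
        echo "not-installed"
    elif version_lt "$2" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Constructed sample lines (not real host output). On an Arch host, call:
#   chromium_status "$(pacman -Q chromium 2>/dev/null)"
for sample in "chromium 77.0.3865.90-1" "chromium 77.0.3865.120-1" \
              "chromium 78.0.3904.70-1" ""; do
    printf '%-28s -> %s\n' "${sample:-<no output>}" "$(chromium_status "$sample")"
done
```

A `vulnerable` result means the `pacman -Syu` upgrade from the Resolution section has not been applied yet; running browser processes keep the old code until they are restarted.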
    