Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.
After many months in development, LinuxSecurity is pleased to announce the public beta of our new site with more of the stuff we love best - the latest news, advisories, feature articles, interviews, and other content relevant to the Linux user.
While we work out any last-minute issues during this beta period, we would really appreciate your input. We need your help to identify any bugs or features we may have missed. See something you really like or don't like? Please share your thoughts!
The package chromium before version 78.0.3904.87-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201911-1
=========================================
Severity: Critical
Date : 2019-11-01
CVE-ID : CVE-2019-13720 CVE-2019-13721
Package : chromium
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1058
Summary
=======
The package chromium before version 78.0.3904.87-1 is vulnerable to
arbitrary code execution.
Resolution
==========
Upgrade to 78.0.3904.87-1.
# pacman -Syu "chromium>=78.0.3904.87-1"
The problems have been fixed upstream in version 78.0.3904.87.
Workaround
==========
None.
Description
===========
- CVE-2019-13720 (arbitrary code execution)
A use-after-free vulnerability has been found in the audio component of
the chromium browser before 78.0.3904.87. Google is aware of reports
that an exploit for this vulnerability exists in the wild.
- CVE-2019-13721 (arbitrary code execution)
A use-after-free vulnerability has been found in the PDFium component
of the chromium browser before 78.0.3904.87.
Impact
======
A remote attacker can execute arbitrary code on the affected host.
References
==========
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1019226
https://crbug.com/1013868
https://security.archlinux.org/CVE-2019-13720
https://security.archlinux.org/CVE-2019-13721
[{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
bottom200
Copyright 2019 Guardian Digital, Inc. All rights reserved.
You are not authorised to post comments.