openSUSE-SU-2019:1666

https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html

https://crbug.com/933004

This update for chromium fixes the following issues :

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) :

  - CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332 :

  - CVE-2019-5828: Use after free in ServiceWorker

  - CVE-2019-5829: Use after free in Download Manager

  - CVE-2019-5830: Incorrectly credentialed requests in CORS

  - CVE-2019-5831: Incorrect map processing in V8

  - CVE-2019-5832: Incorrect CORS handling in XHR

  - CVE-2019-5833: Inconsistent security UI placemen

  - CVE-2019-5835: Out of bounds read in Swiftshader

  - CVE-2019-5836: Heap buffer overflow in Angle

  - CVE-2019-5837: Cross-origin resources size disclosure in     Appcache

  - CVE-2019-5838: Overly permissive tab access in     Extensions

  - CVE-2019-5839: Incorrect handling of certain code points     in Blink

  - CVE-2019-5840: Popup blocker bypass

  - Various fixes from internal audits, fuzzing and other     initiatives

  - CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169 :

  - Feature fixes update only

Update to 74.0.3729.157 :

  - Various security fixes from internal audits, fuzzing and     other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218) :

  - CVE-2019-5827: Out-of-bounds access in SQLite

  - CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313 :

  - CVE-2019-5805: Use after free in PDFium

  - CVE-2019-5806: Integer overflow in Angle

  - CVE-2019-5807: Memory corruption in V8

  - CVE-2019-5808: Use after free in Blink

  - CVE-2019-5809: Use after free in Blink

  - CVE-2019-5810: User information disclosure in Autofill

  - CVE-2019-5811: CORS bypass in Blink

  - CVE-2019-5813: Out of bounds read in V8

  - CVE-2019-5814: CORS bypass in Blink

  - CVE-2019-5815: Heap buffer overflow in Blink

  - CVE-2019-5818: Uninitialized value in media reader

  - CVE-2019-5819: Incorrect escaping in developer tools

  - CVE-2019-5820: Integer overflow in PDFium

  - CVE-2019-5821: Integer overflow in PDFium

  - CVE-2019-5822: CORS bypass in download manager

  - CVE-2019-5823: Forced navigation from service worker

  - CVE-2019-5812: URL spoof in Omnibox on iOS

  - CVE-2019-5816: Exploit persistence extension on Android

  - CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103 :

  - Various feature fixes

Update to 73.0.3683.86 :

  - Just feature fixes around

  - Update conditions to use system harfbuzz on TW+

  - Require java during build

  - Enable using pipewire when available

  - Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059 :

  - CVE-2019-5787: Use after free in Canvas.

  - CVE-2019-5788: Use after free in FileAPI.

  - CVE-2019-5789: Use after free in WebMIDI.

  - CVE-2019-5790: Heap buffer overflow in V8.

  - CVE-2019-5791: Type confusion in V8.

  - CVE-2019-5792: Integer overflow in PDFium.

  - CVE-2019-5793: Excessive permissions for private API in     Extensions.

  - CVE-2019-5794: Security UI spoofing.

  - CVE-2019-5795: Integer overflow in PDFium.

  - CVE-2019-5796: Race condition in Extensions.

  - CVE-2019-5797: Race condition in DOMStorage.

  - CVE-2019-5798: Out of bounds read in Skia.

  - CVE-2019-5799: CSP bypass with blob URL.

  - CVE-2019-5800: CSP bypass with blob URL.

  - CVE-2019-5801: Incorrect Omnibox display on iOS.

  - CVE-2019-5802: Security UI spoofing.

  - CVE-2019-5803: CSP bypass with JavaScript URLs'.

  - CVE-2019-5804: Command line command injection on     Windows.

Update to 73.0.3683.75. Fixes large bucket of CVEs.

CVE-2019-5754 CVE-2019-5782 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for chromium to version 73.0.3683.75 fixes the following issues :

Security issues fixed (bsc#1129059) :

  - CVE-2019-5787: Fixed a use after free in Canvas.

  - CVE-2019-5788: Fixed a use after free in FileAPI.

  - CVE-2019-5789: Fixed a use after free in WebMIDI.

  - CVE-2019-5790: Fixed a heap buffer overflow in V8.

  - CVE-2019-5791: Fixed a type confusion in V8.

  - CVE-2019-5792: Fixed an integer overflow in PDFium.

  - CVE-2019-5793: Fixed excessive permissions for private     API in Extensions.

  - CVE-2019-5794: Fixed security UI spoofing.

  - CVE-2019-5795: Fixed an integer overflow in PDFium.

  - CVE-2019-5796: Fixed a race condition in Extensions.

  - CVE-2019-5797: Fixed a race condition in DOMStorage.

  - CVE-2019-5798: Fixed an out of bounds read in Skia.

  - CVE-2019-5799: Fixed a CSP bypass with blob URL.

  - CVE-2019-5800: Fixed a CSP bypass with blob URL.

  - CVE-2019-5801: Fixed an incorrect Omnibox display on     iOS.

  - CVE-2019-5802: Fixed security UI spoofing.

  - CVE-2019-5803: Fixed a CSP bypass with JavaScript URLs'.

  - CVE-2019-5804: Fixed a command line injection on     Windows.

Release notes:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-fo r-desktop_12.html

The remote host is affected by the vulnerability described in GLSA-201903-23 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers and Google Chrome       Releases for details.
  Impact :

    Please review the referenced CVE identifiers and Google Chrome Releases       for details.
  Workaround :

    There is no known workaround at this time.

The version of Google Chrome installed on the remote host is prior to 73.0.3683.75. It is, therefore, affected by multiple vulnerabilities as noted in Google Chrome stable channel update release notes for 2019/03/12. Please refer to the release notes for additional information. Note that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 73.0.3683.75. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_03_stable-channel-update- for-desktop_12 advisory.

  - Use after free in Canvas. (CVE-2019-5787)

  - Use after free in FileAPI. (CVE-2019-5788)

  - Use after free in WebMIDI. (CVE-2019-5789)

  - Heap buffer overflow in V8. (CVE-2019-5790)

  - Type confusion in V8. (CVE-2019-5791)

  - Integer overflow in PDFium. (CVE-2019-5792,     CVE-2019-5795)

  - Excessive permissions for private API in Extensions.
    (CVE-2019-5793)

  - Security UI spoofing. (CVE-2019-5794, CVE-2019-5802)

  - Race condition in Extensions. (CVE-2019-5796)

  - Race condition in DOMStorage. (CVE-2019-5797)

  - Out of bounds read in Skia. (CVE-2019-5798)

  - CSP bypass with blob URL. (CVE-2019-5799, CVE-2019-5800)

  - Incorrect Omnibox display on iOS. (CVE-2019-5801)

  - CSP bypass with Javascript URLs'. (CVE-2019-5803)

  - Command line command injection on Windows.
    (CVE-2019-5804)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 73.0.3683.75. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_03_stable-channel-update- for-desktop_12 advisory.

  - Use after free in Canvas. (CVE-2019-5787)

  - Use after free in FileAPI. (CVE-2019-5788)

  - Use after free in WebMIDI. (CVE-2019-5789)

  - Heap buffer overflow in V8. (CVE-2019-5790)

  - Type confusion in V8. (CVE-2019-5791)

  - Integer overflow in PDFium. (CVE-2019-5792,     CVE-2019-5795)

  - Excessive permissions for private API in Extensions.
    (CVE-2019-5793)

  - Security UI spoofing. (CVE-2019-5794, CVE-2019-5802)

  - Race condition in Extensions. (CVE-2019-5796)

  - Race condition in DOMStorage. (CVE-2019-5797)

  - Out of bounds read in Skia. (CVE-2019-5798)

  - CSP bypass with blob URL. (CVE-2019-5799, CVE-2019-5800)

  - Incorrect Omnibox display on iOS. (CVE-2019-5801)

  - CSP bypass with Javascript URLs'. (CVE-2019-5803)

  - Command line command injection on Windows.
    (CVE-2019-5804)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
126368	openSUSE Security Update : chromium (openSUSE-2019-1666)	Nessus	SuSE Local Security Checks	high
124466	Fedora 30 : chromium (2019-05a780936d)	Nessus	Fedora Local Security Checks	high
123492	openSUSE Security Update : chromium (openSUSE-2019-1062)	Nessus	SuSE Local Security Checks	high
123429	GLSA-201903-23 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
700483	Google Chrome < 73.0.3683.75 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
123100	Fedora 29 : chromium (2019-561eae4626)	Nessus	Fedora Local Security Checks	high
122888	openSUSE Security Update : chromium (openSUSE-2019-343)	Nessus	SuSE Local Security Checks	high
122853	Google Chrome < 73.0.3683.75 Multiple Vulnerabilities	Nessus	Windows	high
122852	Google Chrome < 73.0.3683.75 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2019-5804

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

critical

high

high

high

high