openSUSE-SU-2019:1666

https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html

https://crbug.com/950328

FEDORA-2019-a1af621faf

FEDORA-2019-e5ff5d0ffd

FEDORA-2019-8fb8240d14

20190813 [SECURITY] [DSA 4500-1] chromium security update

GLSA-201908-18

DSA-4500

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791

A bugfix and security update of QtWebEngine to 5.12.5, the latest release from the 5.12 LTS branch.

Security fixes from Chromium up to version 76.0.3809.87, including :

  - CVE-2019-5829

  - CVE-2019-5831

  - CVE-2019-5832

  - CVE-2019-5837

  - CVE-2019-5839

  - CVE-2019-5842

  - CVE-2019-5851

  - CVE-2019-5852

  - CVE-2019-5854

  - CVE-2019-5855

  - CVE-2019-5856

  - CVE-2019-5857

  - CVE-2019-5860

  - CVE-2019-5861

  - CVE-2019-5862

  - CVE-2019-5865

  - Critical security issue 977057

  - Security bug 934161

  - Security bug 939644

  - Security bug 948172

  - Security bug 948228

  - Security bug 948944

  - Security bug 950005

  - Security bug 952849

  - Security bug 956625

  - Security bug 958457

  - Security bug 958689

  - Security bug 959193

  - Security bug 959518

  - Security bug 958717

  - Security bug 960785

  - Security bug 961674

  - Security bug 961597

  - Security bug 962083

  - Security bug 964002

  - Security bug 973893

  - Security bug 974627

  - Security bug 976050

  - Security bug 981602

  - Security bug 983850

  - Security bug 983938

General bug fixes :

  - [QTBUG-62106] Fixed possible crash after rapid tapping.

  - [QTBUG-75884] Fixed crash on setHttpUserAgent.

  - [QTBUG-76249] Fixed user-agent on some new windows.

  - [QTBUG-76268] Fixed tab key send on minimize.

  - [QTBUG-76347] Fixed duplicate events being send from     tablets.

  - [QTBUG-76828] Clear shared context on exit.

  - [QTBUG-76958] Fixed possible crash when loading in     background.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201908-18 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers and Google Chrome       Releases for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2019-5805     A use-after-free issue was discovered in the pdfium     library.

  - CVE-2019-5806     Wen Xu discovered an integer overflow issue in the Angle     library.

  - CVE-2019-5807     TimGMichaud discovered a memory corruption issue in the     v8 JavaScript library.

  - CVE-2019-5808     cloudfuzzer discovered a use-after-free issue in     Blink/Webkit.

  - CVE-2019-5809     Mark Brand discovered a use-after-free issue in     Blink/Webkit.

  - CVE-2019-5810     Mark Amery discovered an information disclosure issue.

  - CVE-2019-5811     Jun Kokatsu discovered a way to bypass the Cross-Origin     Resource Sharing feature.

  - CVE-2019-5813     Aleksandar Nikolic discovered an out-of-bounds read     issue in the v8 JavaScript library.

  - CVE-2019-5814     @AaylaSecura1138 discovered a way to bypass the     Cross-Origin Resource Sharing feature.

  - CVE-2019-5815     Nicolas Gregoire discovered a buffer overflow issue in     Blink/Webkit.

  - CVE-2019-5818     Adrian Tolbaru discovered an uninitialized value issue.

  - CVE-2019-5819     Svyat Mitin discovered an error in the developer tools.

  - CVE-2019-5820     pdknsk discovered an integer overflow issue in the     pdfium library.

  - CVE-2019-5821     pdknsk discovered another integer overflow issue in the     pdfium library.

  - CVE-2019-5822     Jun Kokatsu discovered a way to bypass the Cross-Origin     Resource Sharing feature.

  - CVE-2019-5823     David Erceg discovered a navigation error.

  - CVE-2019-5824     leecraso and Guang Gong discovered an error in the media     player.

  - CVE-2019-5825     Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu     discovered an out-of-bounds write issue in the v8     JavaScript library.

  - CVE-2019-5826     Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu     discovered a use-after-free issue.

  - CVE-2019-5827     mlfbrown discovered an out-of-bounds read issue in the     sqlite library.

  - CVE-2019-5828     leecraso and Guang Gong discovered a use-after-free     issue.

  - CVE-2019-5829     Lucas Pinheiro discovered a use-after-free issue.

  - CVE-2019-5830     Andrew Krashichkov discovered a credential error in the     Cross-Origin Resource Sharing feature.

  - CVE-2019-5831     yngwei discovered a map error in the v8 JavaScript     library.

  - CVE-2019-5832     Sergey Shekyan discovered an error in the Cross-Origin     Resource Sharing feature.

  - CVE-2019-5833     Khalil Zhani discovered a user interface error.

  - CVE-2019-5834     Khalil Zhani discovered a URL spoofing issue.

  - CVE-2019-5836     Omair discovered a buffer overflow issue in the Angle     library.

  - CVE-2019-5837     Adam Iawniuk discovered an information disclosure issue.

  - CVE-2019-5838     David Erceg discovered an error in extension     permissions.

  - CVE-2019-5839     Masato Kinugawa discovered implementation errors in     Blink/Webkit.

  - CVE-2019-5840     Eliya Stein and Jerome Dangu discovered a way to bypass     the popup blocker.

  - CVE-2019-5842     BUGFENSE discovered a use-after-free issue in     Blink/Webkit.

  - CVE-2019-5847     m3plex discovered an error in the v8 JavaScript library.

  - CVE-2019-5848     Mark Amery discovered an information disclosure issue.

  - CVE-2019-5849     Zhen Zhou discovered an out-of-bounds read in the Skia     library.

  - CVE-2019-5850     Brendon Tiszka discovered a use-after-free issue in the     offline page fetcher.

  - CVE-2019-5851     Zhe Jin discovered a use-after-poison issue.

  - CVE-2019-5852     David Erceg discovered an information disclosure issue.

  - CVE-2019-5853     Yngwei and sakura discovered a memory corruption issue.

  - CVE-2019-5854     Zhen Zhou discovered an integer overflow issue in the     pdfium library.

  - CVE-2019-5855     Zhen Zhou discovered an integer overflow issue in the     pdfium library.

  - CVE-2019-5856     Yongke Wang discovered an error related to filesystem:
    URI permissions.

  - CVE-2019-5857     cloudfuzzer discovered a way to crash chromium.

  - CVE-2019-5858     evil1m0 discovered an information disclosure issue.

  - CVE-2019-5859     James Lee discovered a way to launch alternative     browsers.

  - CVE-2019-5860     A use-after-free issue was discovered in the v8     JavaScript library.

  - CVE-2019-5861     Robin Linus discovered an error determining click     location.

  - CVE-2019-5862     Jun Kokatsu discovered an error in the AppCache     implementation.

  - CVE-2019-5864     Devin Grindle discovered an error in the Cross-Origin     Resourse Sharing feature for extensions.

  - CVE-2019-5865     Ivan Fratric discovered a way to bypass the site     isolation feature.

  - CVE-2019-5867     Lucas Pinheiro discovered an out-of-bounds read issue in     the v8 JavaScript library.

  - CVE-2019-5868     banananapenguin discovered a use-after-free issue in the     v8 JavaScript library.

Fix itinerant crashes.

----

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :(

Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for chromium fixes the following issues :

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) :

  - CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332 :

  - CVE-2019-5828: Use after free in ServiceWorker

  - CVE-2019-5829: Use after free in Download Manager

  - CVE-2019-5830: Incorrectly credentialed requests in CORS

  - CVE-2019-5831: Incorrect map processing in V8

  - CVE-2019-5832: Incorrect CORS handling in XHR

  - CVE-2019-5833: Inconsistent security UI placemen

  - CVE-2019-5835: Out of bounds read in Swiftshader

  - CVE-2019-5836: Heap buffer overflow in Angle

  - CVE-2019-5837: Cross-origin resources size disclosure in     Appcache

  - CVE-2019-5838: Overly permissive tab access in     Extensions

  - CVE-2019-5839: Incorrect handling of certain code points     in Blink

  - CVE-2019-5840: Popup blocker bypass

  - Various fixes from internal audits, fuzzing and other     initiatives

  - CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169 :

  - Feature fixes update only

Update to 74.0.3729.157 :

  - Various security fixes from internal audits, fuzzing and     other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218) :

  - CVE-2019-5827: Out-of-bounds access in SQLite

  - CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313 :

  - CVE-2019-5805: Use after free in PDFium

  - CVE-2019-5806: Integer overflow in Angle

  - CVE-2019-5807: Memory corruption in V8

  - CVE-2019-5808: Use after free in Blink

  - CVE-2019-5809: Use after free in Blink

  - CVE-2019-5810: User information disclosure in Autofill

  - CVE-2019-5811: CORS bypass in Blink

  - CVE-2019-5813: Out of bounds read in V8

  - CVE-2019-5814: CORS bypass in Blink

  - CVE-2019-5815: Heap buffer overflow in Blink

  - CVE-2019-5818: Uninitialized value in media reader

  - CVE-2019-5819: Incorrect escaping in developer tools

  - CVE-2019-5820: Integer overflow in PDFium

  - CVE-2019-5821: Integer overflow in PDFium

  - CVE-2019-5822: CORS bypass in download manager

  - CVE-2019-5823: Forced navigation from service worker

  - CVE-2019-5812: URL spoof in Omnibox on iOS

  - CVE-2019-5816: Exploit persistence extension on Android

  - CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103 :

  - Various feature fixes

Update to 73.0.3683.86 :

  - Just feature fixes around

  - Update conditions to use system harfbuzz on TW+

  - Require java during build

  - Enable using pipewire when available

  - Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059 :

  - CVE-2019-5787: Use after free in Canvas.

  - CVE-2019-5788: Use after free in FileAPI.

  - CVE-2019-5789: Use after free in WebMIDI.

  - CVE-2019-5790: Heap buffer overflow in V8.

  - CVE-2019-5791: Type confusion in V8.

  - CVE-2019-5792: Integer overflow in PDFium.

  - CVE-2019-5793: Excessive permissions for private API in     Extensions.

  - CVE-2019-5794: Security UI spoofing.

  - CVE-2019-5795: Integer overflow in PDFium.

  - CVE-2019-5796: Race condition in Extensions.

  - CVE-2019-5797: Race condition in DOMStorage.

  - CVE-2019-5798: Out of bounds read in Skia.

  - CVE-2019-5799: CSP bypass with blob URL.

  - CVE-2019-5800: CSP bypass with blob URL.

  - CVE-2019-5801: Incorrect Omnibox display on iOS.

  - CVE-2019-5802: Security UI spoofing.

  - CVE-2019-5803: CSP bypass with JavaScript URLs'.

  - CVE-2019-5804: Command line command injection on     Windows.

Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :(

Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for chromium to version 75.0.3770.80 fixes the following issues: Security issues fixed :

  - CVE-2019-5828: Fixed a Use after free in ServiceWorker

  - CVE-2019-5829: Fixed Use after free in Download Manager

  - CVE-2019-5830: Fixed an incorrectly credentialed     requests in CORS

  - CVE-2019-5831: Fixed an incorrect map processing in V8

  - CVE-2019-5832: Fixed an incorrect CORS handling in XHR

  - CVE-2019-5833: Fixed an inconsistent security UI     placemen

  - CVE-2019-5835: Fixed an out of bounds read in     Swiftshader

  - CVE-2019-5836: Fixed a heap buffer overflow in Angle

  - CVE-2019-5837: Fixed a cross-origin resources size     disclosure in Appcache

  - CVE-2019-5838: Fixed an overly permissive tab access in     Extensions

  - CVE-2019-5839: Fixed an incorrect handling of certain     code points in Blink

  - CVE-2019-5840: Fixed a popup blocker bypass

This update for chromium to version 75.0.3770.80 fixes the following issues :

Security issues fixed :

&#9; - CVE-2019-5828: Fixed a Use after free in ServiceWorker

  - CVE-2019-5829: Fixed Use after free in Download Manager

  - CVE-2019-5830: Fixed an incorrectly credentialed     requests in CORS

  - CVE-2019-5831: Fixed an incorrect map processing in V8

  - CVE-2019-5832: Fixed an incorrect CORS handling in XHR

  - CVE-2019-5833: Fixed an inconsistent security UI     placemen

  - CVE-2019-5835: Fixed an out of bounds read in     Swiftshader

  - CVE-2019-5836: Fixed a heap buffer overflow in Angle

  - CVE-2019-5837: Fixed a cross-origin resources size     disclosure in Appcache

  - CVE-2019-5838: Fixed an overly permissive tab access in     Extensions

  - CVE-2019-5839: Fixed an incorrect handling of certain     code points in Blink

  - CVE-2019-5840: Fixed a popup blocker bypass

  - CVE-2019-5834: Fixed a URL spoof in Omnibox on iOS

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 75.0.3770.80.

Security Fix(es) :

* chromium-browser: Use after free in ServiceWorker (CVE-2019-5828)

* chromium-browser: Use after free in Download Manager (CVE-2019-5829)

* chromium-browser: Incorrectly credentialed requests in CORS (CVE-2019-5830)

* chromium-browser: Incorrect map processing in V8 (CVE-2019-5831)

* chromium-browser: Incorrect CORS handling in XHR (CVE-2019-5832)

* chromium-browser: Inconsistent security UI placement (CVE-2019-5833)

* chromium-browser: Out of bounds read in Swiftshader (CVE-2019-5835)

* chromium-browser: Heap buffer overflow in Angle (CVE-2019-5836)

* chromium-browser: Cross-origin resources size disclosure in Appcache (CVE-2019-5837)

* chromium-browser: Overly permissive tab access in Extensions (CVE-2019-5838)

* chromium-browser: Incorrect handling of certain code points in Blink (CVE-2019-5839)

* chromium-browser: Popup blocker bypass (CVE-2019-5840)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The version of Google Chrome installed on the remote Windows host is prior to 75.0.3770.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_06_stable-channel-update- for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 75.0.3770.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_06_stable-channel-update- for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
129857	Fedora 29 : qt5-qtwebengine (2019-e5ff5d0ffd)	Nessus	Fedora Local Security Checks	medium
127967	GLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
127868	Debian DSA-4500-1 : chromium - security update	Nessus	Debian Local Security Checks	medium
126995	Fedora 29 : chromium (2019-a1af621faf)	Nessus	Fedora Local Security Checks	medium
126368	openSUSE Security Update : chromium (openSUSE-2019-1666)	Nessus	SuSE Local Security Checks	high
126359	Fedora 30 : chromium (2019-8fb8240d14)	Nessus	Fedora Local Security Checks	medium
125943	openSUSE Security Update : chromium (openSUSE-2019-1559)	Nessus	SuSE Local Security Checks	medium
125942	openSUSE Security Update : chromium (openSUSE-2019-1558)	Nessus	SuSE Local Security Checks	medium
125941	openSUSE Security Update : chromium (openSUSE-2019-1557)	Nessus	SuSE Local Security Checks	medium
125940	RHEL 6 : chromium-browser (RHSA-2019:1477)	Nessus	Red Hat Local Security Checks	medium
125729	Google Chrome < 75.0.3770.80 Multiple Vulnerabilities	Nessus	Windows	medium
125728	Google Chrome < 75.0.3770.80 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium

CVE-2019-5831

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins