Debian DSA-4395-1 : chromium - security update

Medium Nessus Plugin ID 122272

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2018-17481 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation.

- CVE-2019-5755 Jay Bosamiya discovered an implementation error in the v8 JavaScript library.

- CVE-2019-5756 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5757 Alexandru Pitis discovered a type confusion error in the SVG image format implementation.

- CVE-2019-5758 Zhe Jin discovered a use-after-free issue in blink/webkit.

- CVE-2019-5759 Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements.

- CVE-2019-5760 Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

- CVE-2019-5762 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5763 Guang Gon discovered an input validation error in the v8 JavaScript library.

- CVE-2019-5764 Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

- CVE-2019-5765 Sergey Toshin discovered a policy enforcement error.

- CVE-2019-5766 David Erceg discovered a policy enforcement error.

- CVE-2019-5767 Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface.

- CVE-2019-5768 Rob Wu discovered a policy enforcement error in the developer tools.

- CVE-2019-5769 Guy Eshel discovered an input validation error in blink/webkit.

- CVE-2019-5770 hemidallt discovered a buffer overflow issue in the WebGL implementation.

- CVE-2019-5772 Zhen Zhou discovered a use-after-free issue in the pdfium library.

- CVE-2019-5773 Yongke Wong discovered an input validation error in the IndexDB implementation.

- CVE-2019-5774 Junghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation.

- CVE-2019-5775 evil1m0 discovered a policy enforcement error.

- CVE-2019-5776 Lnyas Zhang discovered a policy enforcement error.

- CVE-2019-5777 Khalil Zhani discovered a policy enforcement error.

- CVE-2019-5778 David Erceg discovered a policy enforcement error in the Extensions implementation.

- CVE-2019-5779 David Erceg discovered a policy enforcement error in the ServiceWorker implementation.

- CVE-2019-5780 Andreas Hegenberg discovered a policy enforcement error.

- CVE-2019-5781 evil1m0 discovered a policy enforcement error.

- CVE-2019-5782 Qixun Zhao discovered an implementation error in the v8 JavaScript library.

- CVE-2019-5783 Shintaro Kobori discovered an input validation error in the developer tools.

- CVE-2019-5784 Lucas Pinheiro discovered an implementation error in the v8 JavaScript library.

Solution

Upgrade the chromium packages.

For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2018-17481

https://security-tracker.debian.org/tracker/CVE-2019-5754

https://security-tracker.debian.org/tracker/CVE-2019-5755

https://security-tracker.debian.org/tracker/CVE-2019-5756

https://security-tracker.debian.org/tracker/CVE-2019-5757

https://security-tracker.debian.org/tracker/CVE-2019-5758

https://security-tracker.debian.org/tracker/CVE-2019-5759

https://security-tracker.debian.org/tracker/CVE-2019-5760

https://security-tracker.debian.org/tracker/CVE-2019-5762

https://security-tracker.debian.org/tracker/CVE-2019-5763

https://security-tracker.debian.org/tracker/CVE-2019-5764

https://security-tracker.debian.org/tracker/CVE-2019-5765

https://security-tracker.debian.org/tracker/CVE-2019-5766

https://security-tracker.debian.org/tracker/CVE-2019-5767

https://security-tracker.debian.org/tracker/CVE-2019-5768

https://security-tracker.debian.org/tracker/CVE-2019-5769

https://security-tracker.debian.org/tracker/CVE-2019-5770

https://security-tracker.debian.org/tracker/CVE-2019-5772

https://security-tracker.debian.org/tracker/CVE-2019-5773

https://security-tracker.debian.org/tracker/CVE-2019-5774

https://security-tracker.debian.org/tracker/CVE-2019-5775

https://security-tracker.debian.org/tracker/CVE-2019-5776

https://security-tracker.debian.org/tracker/CVE-2019-5777

https://security-tracker.debian.org/tracker/CVE-2019-5778

https://security-tracker.debian.org/tracker/CVE-2019-5779

https://security-tracker.debian.org/tracker/CVE-2019-5780

https://security-tracker.debian.org/tracker/CVE-2019-5781

https://security-tracker.debian.org/tracker/CVE-2019-5782

https://security-tracker.debian.org/tracker/CVE-2019-5783

https://security-tracker.debian.org/tracker/CVE-2019-5784

https://security-tracker.debian.org/tracker/source-package/chromium

https://packages.debian.org/source/stretch/chromium

https://www.debian.org/security/2019/dsa-4395

Plugin Details

Severity: Medium

ID: 122272

File Name: debian_DSA-4395.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/02/19

Updated: 2019/07/15

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2019/02/18

Vulnerability Publication Date: 2018/12/11

Reference Information

CVE: CVE-2018-17481, CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781, CVE-2019-5782, CVE-2019-5783, CVE-2019-5784

DSA: 4395