Debian DSA-4395-1 : chromium - security update

Medium Nessus Plugin ID 122272

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2018-17481 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation.

- CVE-2019-5755 Jay Bosamiya discovered an implementation error in the v8 JavaScript library.

- CVE-2019-5756 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5757 Alexandru Pitis discovered a type confusion error in the SVG image format implementation.

- CVE-2019-5758 Zhe Jin discovered a use-after-free issue in blink/webkit.

- CVE-2019-5759 Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements.

- CVE-2019-5760 Zhe Jin discovered a use-after-free issue in the WebRTC implementation.

- CVE-2019-5762 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5763 Guang Gon discovered an input validation error in the v8 JavaScript library.

- CVE-2019-5764 Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.

- CVE-2019-5765 Sergey Toshin discovered a policy enforcement error.

- CVE-2019-5766 David Erceg discovered a policy enforcement error.

- CVE-2019-5767 Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface.

- CVE-2019-5768 Rob Wu discovered a policy enforcement error in the developer tools.

- CVE-2019-5769 Guy Eshel discovered an input validation error in blink/webkit.

- CVE-2019-5770 hemidallt discovered a buffer overflow issue in the WebGL implementation.

- CVE-2019-5772 Zhen Zhou discovered a use-after-free issue in the pdfium library.

- CVE-2019-5773 Yongke Wong discovered an input validation error in the IndexDB implementation.

- CVE-2019-5774 Junghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation.

- CVE-2019-5775 evil1m0 discovered a policy enforcement error.

- CVE-2019-5776 Lnyas Zhang discovered a policy enforcement error.

- CVE-2019-5777 Khalil Zhani discovered a policy enforcement error.

- CVE-2019-5778 David Erceg discovered a policy enforcement error in the Extensions implementation.

- CVE-2019-5779 David Erceg discovered a policy enforcement error in the ServiceWorker implementation.

- CVE-2019-5780 Andreas Hegenberg discovered a policy enforcement error.

- CVE-2019-5781 evil1m0 discovered a policy enforcement error.

- CVE-2019-5782 Qixun Zhao discovered an implementation error in the v8 JavaScript library.

- CVE-2019-5783 Shintaro Kobori discovered an input validation error in the developer tools.

- CVE-2019-5784 Lucas Pinheiro discovered an implementation error in the v8 JavaScript library.

Solution

Upgrade the chromium packages.

For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1.

CVE: CVE-2018-17481, CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781, CVE-2019-5782, CVE-2019-5783, CVE-2019-5784

DSA: 4395

Debian DSA-4395-1 : chromium - security update

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information