openSUSE Security Update : chromium (openSUSE-2019-343)

high Nessus Plugin ID 122888



The remote openSUSE host is missing a security update.


This update for chromium to version 73.0.3683.75 fixes the following issues :

Security issues fixed (bsc#1129059) :

- CVE-2019-5787: Fixed a use after free in Canvas.

- CVE-2019-5788: Fixed a use after free in FileAPI.

- CVE-2019-5789: Fixed a use after free in WebMIDI.

- CVE-2019-5790: Fixed a heap buffer overflow in V8.

- CVE-2019-5791: Fixed a type confusion in V8.

- CVE-2019-5792: Fixed an integer overflow in PDFium.

- CVE-2019-5793: Fixed excessive permissions for private API in Extensions.

- CVE-2019-5794: Fixed security UI spoofing.

- CVE-2019-5795: Fixed an integer overflow in PDFium.

- CVE-2019-5796: Fixed a race condition in Extensions.

- CVE-2019-5797: Fixed a race condition in DOMStorage.

- CVE-2019-5798: Fixed an out of bounds read in Skia.

- CVE-2019-5799: Fixed a CSP bypass with blob URL.

- CVE-2019-5800: Fixed a CSP bypass with blob URL.

- CVE-2019-5801: Fixed an incorrect Omnibox display on iOS.

- CVE-2019-5802: Fixed security UI spoofing.

- CVE-2019-5803: Fixed a CSP bypass with JavaScript URLs'.

- CVE-2019-5804: Fixed a command line injection on Windows.

Release notes: r-desktop_12.html


Update the affected chromium packages.

See Also

Plugin Details

Severity: High

ID: 122888

File Name: openSUSE-2019-343.nasl

Version: 1.6

Type: local

Agent: unix

Published: 3/18/2019

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/17/2019

Vulnerability Publication Date: 5/23/2019

Reference Information

CVE: CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5801, CVE-2019-5802, CVE-2019-5803, CVE-2019-5804