openSUSE Security Update : chromium (openSUSE-2019-1062)

high Nessus Plugin ID 123492

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for chromium to version 73.0.3683.75 fixes the following issues:

Security issues fixed (bsc#1129059):

- CVE-2019-5787: Fixed a use after free in Canvas.

- CVE-2019-5788: Fixed a use after free in FileAPI.

- CVE-2019-5789: Fixed a use after free in WebMIDI.

- CVE-2019-5790: Fixed a heap buffer overflow in V8.

- CVE-2019-5791: Fixed a type confusion in V8.

- CVE-2019-5792: Fixed an integer overflow in PDFium.

- CVE-2019-5793: Fixed excessive permissions for private API in Extensions.

- CVE-2019-5794: Fixed security UI spoofing.

- CVE-2019-5795: Fixed an integer overflow in PDFium.

- CVE-2019-5796: Fixed a race condition in Extensions.

- CVE-2019-5797: Fixed a race condition in DOMStorage.

- CVE-2019-5798: Fixed an out of bounds read in Skia.

- CVE-2019-5799: Fixed a CSP bypass with blob URL.

- CVE-2019-5800: Fixed a CSP bypass with blob URL.

- CVE-2019-5801: Fixed an incorrect Omnibox display on iOS.

- CVE-2019-5802: Fixed security UI spoofing.

- CVE-2019-5803: Fixed a CSP bypass with JavaScript URLs.

- CVE-2019-5804: Fixed a command line injection on Windows.

Release notes:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html

Solution

Update the affected chromium packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1129059

http://www.nessus.org/u?1a2b6e84

Plugin Details

Severity: High

ID: 123492

File Name: openSUSE-2019-1062.nasl

Version: 1.7

Type: local

Agent: unix

Published: 3/29/2019

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, cpe:/o:novell:opensuse:15.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/28/2019

Vulnerability Publication Date: 5/23/2019

Reference Information

CVE: CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5801, CVE-2019-5802, CVE-2019-5803, CVE-2019-5804