openSUSE Security Update : chromium (openSUSE-2019-1666)

high Nessus Plugin ID 126368

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for chromium fixes the following issues :

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) :

- CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332 :

- CVE-2019-5828: Use after free in ServiceWorker

- CVE-2019-5829: Use after free in Download Manager

- CVE-2019-5830: Incorrectly credentialed requests in CORS

- CVE-2019-5831: Incorrect map processing in V8

- CVE-2019-5832: Incorrect CORS handling in XHR

- CVE-2019-5833: Inconsistent security UI placemen

- CVE-2019-5835: Out of bounds read in Swiftshader

- CVE-2019-5836: Heap buffer overflow in Angle

- CVE-2019-5837: Cross-origin resources size disclosure in Appcache

- CVE-2019-5838: Overly permissive tab access in Extensions

- CVE-2019-5839: Incorrect handling of certain code points in Blink

- CVE-2019-5840: Popup blocker bypass

- Various fixes from internal audits, fuzzing and other initiatives

- CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169 :

- Feature fixes update only

Update to 74.0.3729.157 :

- Various security fixes from internal audits, fuzzing and other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218) :

- CVE-2019-5827: Out-of-bounds access in SQLite

- CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313 :

- CVE-2019-5805: Use after free in PDFium

- CVE-2019-5806: Integer overflow in Angle

- CVE-2019-5807: Memory corruption in V8

- CVE-2019-5808: Use after free in Blink

- CVE-2019-5809: Use after free in Blink

- CVE-2019-5810: User information disclosure in Autofill

- CVE-2019-5811: CORS bypass in Blink

- CVE-2019-5813: Out of bounds read in V8

- CVE-2019-5814: CORS bypass in Blink

- CVE-2019-5815: Heap buffer overflow in Blink

- CVE-2019-5818: Uninitialized value in media reader

- CVE-2019-5819: Incorrect escaping in developer tools

- CVE-2019-5820: Integer overflow in PDFium

- CVE-2019-5821: Integer overflow in PDFium

- CVE-2019-5822: CORS bypass in download manager

- CVE-2019-5823: Forced navigation from service worker

- CVE-2019-5812: URL spoof in Omnibox on iOS

- CVE-2019-5816: Exploit persistence extension on Android

- CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103 :

- Various feature fixes

Update to 73.0.3683.86 :

- Just feature fixes around

- Update conditions to use system harfbuzz on TW+

- Require java during build

- Enable using pipewire when available

- Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059 :

- CVE-2019-5787: Use after free in Canvas.

- CVE-2019-5788: Use after free in FileAPI.

- CVE-2019-5789: Use after free in WebMIDI.

- CVE-2019-5790: Heap buffer overflow in V8.

- CVE-2019-5791: Type confusion in V8.

- CVE-2019-5792: Integer overflow in PDFium.

- CVE-2019-5793: Excessive permissions for private API in Extensions.

- CVE-2019-5794: Security UI spoofing.

- CVE-2019-5795: Integer overflow in PDFium.

- CVE-2019-5796: Race condition in Extensions.

- CVE-2019-5797: Race condition in DOMStorage.

- CVE-2019-5798: Out of bounds read in Skia.

- CVE-2019-5799: CSP bypass with blob URL.

- CVE-2019-5800: CSP bypass with blob URL.

- CVE-2019-5801: Incorrect Omnibox display on iOS.

- CVE-2019-5802: Security UI spoofing.

- CVE-2019-5803: CSP bypass with JavaScript URLs'.

- CVE-2019-5804: Command line command injection on Windows.

Solution

Update the affected chromium packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1129059

https://bugzilla.opensuse.org/show_bug.cgi?id=1133313

https://bugzilla.opensuse.org/show_bug.cgi?id=1134218

https://bugzilla.opensuse.org/show_bug.cgi?id=1137332

https://bugzilla.opensuse.org/show_bug.cgi?id=1138287

Plugin Details

Severity: High

ID: 126368

File Name: openSUSE-2019-1666.nasl

Version: 1.5

Type: local

Agent: unix

Published: 7/1/2019

Updated: 9/23/2020

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/28/2019

Vulnerability Publication Date: 5/23/2019

Reference Information

CVE: CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5801, CVE-2019-5802, CVE-2019-5803, CVE-2019-5804, CVE-2019-5805, CVE-2019-5806, CVE-2019-5807, CVE-2019-5808, CVE-2019-5809, CVE-2019-5810, CVE-2019-5811, CVE-2019-5812, CVE-2019-5813, CVE-2019-5814, CVE-2019-5815, CVE-2019-5816, CVE-2019-5817, CVE-2019-5818, CVE-2019-5819, CVE-2019-5820, CVE-2019-5821, CVE-2019-5822, CVE-2019-5823, CVE-2019-5824, CVE-2019-5827, CVE-2019-5828, CVE-2019-5829, CVE-2019-5830, CVE-2019-5831, CVE-2019-5832, CVE-2019-5833, CVE-2019-5834, CVE-2019-5835, CVE-2019-5836, CVE-2019-5837, CVE-2019-5838, CVE-2019-5839, CVE-2019-5840, CVE-2019-5842