Debian DSA-4500-1 : chromium - security update

high Nessus Plugin ID 127868

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2019-5805 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library.

- CVE-2019-5807 TimGMichaud discovered a memory corruption issue in the v8 JavaScript library.

- CVE-2019-5808 cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5809 Mark Brand discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5810 Mark Amery discovered an information disclosure issue.

- CVE-2019-5811 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5813 Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2019-5814 @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5815 Nicolas Gregoire discovered a buffer overflow issue in Blink/Webkit.

- CVE-2019-5818 Adrian Tolbaru discovered an uninitialized value issue.

- CVE-2019-5819 Svyat Mitin discovered an error in the developer tools.

- CVE-2019-5820 pdknsk discovered an integer overflow issue in the pdfium library.

- CVE-2019-5821 pdknsk discovered another integer overflow issue in the pdfium library.

- CVE-2019-5822 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5823 David Erceg discovered a navigation error.

- CVE-2019-5824 leecraso and Guang Gong discovered an error in the media player.

- CVE-2019-5825 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 JavaScript library.

- CVE-2019-5826 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue.

- CVE-2019-5827 mlfbrown discovered an out-of-bounds read issue in the sqlite library.

- CVE-2019-5828 leecraso and Guang Gong discovered a use-after-free issue.

- CVE-2019-5829 Lucas Pinheiro discovered a use-after-free issue.

- CVE-2019-5830 Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature.

- CVE-2019-5831 yngwei discovered a map error in the v8 JavaScript library.

- CVE-2019-5832 Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature.

- CVE-2019-5833 Khalil Zhani discovered a user interface error.

- CVE-2019-5834 Khalil Zhani discovered a URL spoofing issue.

- CVE-2019-5836 Omair discovered a buffer overflow issue in the Angle library.

- CVE-2019-5837 Adam Iawniuk discovered an information disclosure issue.

- CVE-2019-5838 David Erceg discovered an error in extension permissions.

- CVE-2019-5839 Masato Kinugawa discovered implementation errors in Blink/Webkit.

- CVE-2019-5840 Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

- CVE-2019-5842 BUGFENSE discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5847 m3plex discovered an error in the v8 JavaScript library.

- CVE-2019-5848 Mark Amery discovered an information disclosure issue.

- CVE-2019-5849 Zhen Zhou discovered an out-of-bounds read in the Skia library.

- CVE-2019-5850 Brendon Tiszka discovered a use-after-free issue in the offline page fetcher.

- CVE-2019-5851 Zhe Jin discovered a use-after-poison issue.

- CVE-2019-5852 David Erceg discovered an information disclosure issue.

- CVE-2019-5853 Yngwei and sakura discovered a memory corruption issue.

- CVE-2019-5854 Zhen Zhou discovered an integer overflow issue in the pdfium library.

- CVE-2019-5855 Zhen Zhou discovered an integer overflow issue in the pdfium library.

- CVE-2019-5856 Yongke Wang discovered an error related to filesystem:
URI permissions.

- CVE-2019-5857 cloudfuzzer discovered a way to crash chromium.

- CVE-2019-5858 evil1m0 discovered an information disclosure issue.

- CVE-2019-5859 James Lee discovered a way to launch alternative browsers.

- CVE-2019-5860 A use-after-free issue was discovered in the v8 JavaScript library.

- CVE-2019-5861 Robin Linus discovered an error determining click location.

- CVE-2019-5862 Jun Kokatsu discovered an error in the AppCache implementation.

- CVE-2019-5864 Devin Grindle discovered an error in the Cross-Origin Resourse Sharing feature for extensions.

- CVE-2019-5865 Ivan Fratric discovered a way to bypass the site isolation feature.

- CVE-2019-5867 Lucas Pinheiro discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2019-5868 banananapenguin discovered a use-after-free issue in the v8 JavaScript library.

Solution

Upgrade the chromium packages.

For the stable distribution (buster), these problems have been fixed in version 76.0.3809.100-1~deb10u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2019-5805

https://security-tracker.debian.org/tracker/CVE-2019-5806

https://security-tracker.debian.org/tracker/CVE-2019-5807

https://security-tracker.debian.org/tracker/CVE-2019-5808

https://security-tracker.debian.org/tracker/CVE-2019-5809

https://security-tracker.debian.org/tracker/CVE-2019-5810

https://security-tracker.debian.org/tracker/CVE-2019-5811

https://security-tracker.debian.org/tracker/CVE-2019-5813

https://security-tracker.debian.org/tracker/CVE-2019-5814

https://security-tracker.debian.org/tracker/CVE-2019-5815

https://security-tracker.debian.org/tracker/CVE-2019-5818

https://security-tracker.debian.org/tracker/CVE-2019-5819

https://security-tracker.debian.org/tracker/CVE-2019-5820

https://security-tracker.debian.org/tracker/CVE-2019-5821

https://security-tracker.debian.org/tracker/CVE-2019-5822

https://security-tracker.debian.org/tracker/CVE-2019-5823

https://security-tracker.debian.org/tracker/CVE-2019-5824

https://security-tracker.debian.org/tracker/CVE-2019-5825

https://security-tracker.debian.org/tracker/CVE-2019-5826

https://security-tracker.debian.org/tracker/CVE-2019-5827

https://security-tracker.debian.org/tracker/CVE-2019-5828

https://security-tracker.debian.org/tracker/CVE-2019-5829

https://security-tracker.debian.org/tracker/CVE-2019-5830

https://security-tracker.debian.org/tracker/CVE-2019-5831

https://security-tracker.debian.org/tracker/CVE-2019-5832

https://security-tracker.debian.org/tracker/CVE-2019-5833

https://security-tracker.debian.org/tracker/CVE-2019-5834

https://security-tracker.debian.org/tracker/CVE-2019-5836

https://security-tracker.debian.org/tracker/CVE-2019-5837

https://security-tracker.debian.org/tracker/CVE-2019-5838

https://security-tracker.debian.org/tracker/CVE-2019-5839

https://security-tracker.debian.org/tracker/CVE-2019-5840

https://security-tracker.debian.org/tracker/CVE-2019-5842

https://security-tracker.debian.org/tracker/CVE-2019-5847

https://security-tracker.debian.org/tracker/CVE-2019-5848

https://security-tracker.debian.org/tracker/CVE-2019-5849

https://security-tracker.debian.org/tracker/CVE-2019-5850

https://security-tracker.debian.org/tracker/CVE-2019-5851

https://security-tracker.debian.org/tracker/CVE-2019-5852

https://security-tracker.debian.org/tracker/CVE-2019-5853

https://security-tracker.debian.org/tracker/CVE-2019-5854

https://security-tracker.debian.org/tracker/CVE-2019-5855

https://security-tracker.debian.org/tracker/CVE-2019-5856

https://security-tracker.debian.org/tracker/CVE-2019-5857

https://security-tracker.debian.org/tracker/CVE-2019-5858

https://security-tracker.debian.org/tracker/CVE-2019-5859

https://security-tracker.debian.org/tracker/CVE-2019-5860

https://security-tracker.debian.org/tracker/CVE-2019-5861

https://security-tracker.debian.org/tracker/CVE-2019-5862

https://security-tracker.debian.org/tracker/CVE-2019-5864

https://security-tracker.debian.org/tracker/CVE-2019-5865

https://security-tracker.debian.org/tracker/CVE-2019-5867

https://security-tracker.debian.org/tracker/CVE-2019-5868

https://security-tracker.debian.org/tracker/source-package/chromium

https://packages.debian.org/source/buster/chromium

https://www.debian.org/security/2019/dsa-4500

Plugin Details

Severity: High

ID: 127868

File Name: debian_DSA-4500.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/14/2019

Updated: 3/9/2020

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

CVSS Score Source: CVE-2019-5859

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium, cpe:/o:debian:debian_linux:10.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/12/2019

Vulnerability Publication Date: 6/27/2019

Exploitable With

Metasploit (Google Chrome 72 and 73 Array.map exploit)

Reference Information

CVE: CVE-2019-5805, CVE-2019-5806, CVE-2019-5807, CVE-2019-5808, CVE-2019-5809, CVE-2019-5810, CVE-2019-5811, CVE-2019-5813, CVE-2019-5814, CVE-2019-5815, CVE-2019-5818, CVE-2019-5819, CVE-2019-5820, CVE-2019-5821, CVE-2019-5822, CVE-2019-5823, CVE-2019-5824, CVE-2019-5825, CVE-2019-5826, CVE-2019-5827, CVE-2019-5828, CVE-2019-5829, CVE-2019-5830, CVE-2019-5831, CVE-2019-5832, CVE-2019-5833, CVE-2019-5834, CVE-2019-5836, CVE-2019-5837, CVE-2019-5838, CVE-2019-5839, CVE-2019-5840, CVE-2019-5842, CVE-2019-5847, CVE-2019-5848, CVE-2019-5849, CVE-2019-5850, CVE-2019-5851, CVE-2019-5852, CVE-2019-5853, CVE-2019-5854, CVE-2019-5855, CVE-2019-5856, CVE-2019-5857, CVE-2019-5858, CVE-2019-5859, CVE-2019-5860, CVE-2019-5861, CVE-2019-5862, CVE-2019-5864, CVE-2019-5865, CVE-2019-5867, CVE-2019-5868

DSA: 4500