[openSUSE-SU-2019:1666-1] Security update for chromium
Severity
Important
Affected Packages
16
CVEs
53
Security update for chromium
This update for chromium fixes the following issues:
Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287):
- CVE-2019-5842: Use-after-free in Blink.
Also updated to 75.0.3770.80 boo#1137332:
- CVE-2019-5828: Use after free in ServiceWorker
- CVE-2019-5829: Use after free in Download Manager
- CVE-2019-5830: Incorrectly credentialed requests in CORS
- CVE-2019-5831: Incorrect map processing in V8
- CVE-2019-5832: Incorrect CORS handling in XHR
- CVE-2019-5833: Inconsistent security UI placemen
- CVE-2019-5835: Out of bounds read in Swiftshader
- CVE-2019-5836: Heap buffer overflow in Angle
- CVE-2019-5837: Cross-origin resources size disclosure in Appcache
- CVE-2019-5838: Overly permissive tab access in Extensions
- CVE-2019-5839: Incorrect handling of certain code points in Blink
- CVE-2019-5840: Popup blocker bypass
- Various fixes from internal audits, fuzzing and other initiatives
- CVE-2019-5834: URL spoof in Omnibox on iOS
Update to 74.0.3729.169:
- Feature fixes update only
Update to 74.0.3729.157:
- Various security fixes from internal audits, fuzzing and other initiatives
Includes security fixes from 74.0.3729.131 (boo#1134218):
- CVE-2019-5827: Out-of-bounds access in SQLite
- CVE-2019-5824: Parameter passing error in media player
Update to 74.0.3729.108 boo#1133313:
- CVE-2019-5805: Use after free in PDFium
- CVE-2019-5806: Integer overflow in Angle
- CVE-2019-5807: Memory corruption in V8
- CVE-2019-5808: Use after free in Blink
- CVE-2019-5809: Use after free in Blink
- CVE-2019-5810: User information disclosure in Autofill
- CVE-2019-5811: CORS bypass in Blink
- CVE-2019-5813: Out of bounds read in V8
- CVE-2019-5814: CORS bypass in Blink
- CVE-2019-5815: Heap buffer overflow in Blink
- CVE-2019-5818: Uninitialized value in media reader
- CVE-2019-5819: Incorrect escaping in developer tools
- CVE-2019-5820: Integer overflow in PDFium
- CVE-2019-5821: Integer overflow in PDFium
- CVE-2019-5822: CORS bypass in download manager
- CVE-2019-5823: Forced navigation from service worker
- CVE-2019-5812: URL spoof in Omnibox on iOS
- CVE-2019-5816: Exploit persistence extension on Android
- CVE-2019-5817: Heap buffer overflow in Angle on Windows
Update to 73.0.3686.103:
* Various feature fixes
Update to 73.0.3683.86:
Just feature fixes around
Update conditions to use system harfbuzz on TW+
Require java during build
Enable using pipewire when available
Rebase chromium-vaapi.patch to match up the Fedora one
Update to 73.0.3683.75 boo#1129059:
- CVE-2019-5787: Use after free in Canvas.
- CVE-2019-5788: Use after free in FileAPI.
- CVE-2019-5789: Use after free in WebMIDI.
- CVE-2019-5790: Heap buffer overflow in V8.
- CVE-2019-5791: Type confusion in V8.
- CVE-2019-5792: Integer overflow in PDFium.
- CVE-2019-5793: Excessive permissions for private API in Extensions.
- CVE-2019-5794: Security UI spoofing.
- CVE-2019-5795: Integer overflow in PDFium.
- CVE-2019-5796: Race condition in Extensions.
- CVE-2019-5797: Race condition in DOMStorage.
- CVE-2019-5798: Out of bounds read in Skia.
- CVE-2019-5799: CSP bypass with blob URL.
- CVE-2019-5800: CSP bypass with blob URL.
- CVE-2019-5801: Incorrect Omnibox display on iOS.
- CVE-2019-5802: Security UI spoofing.
- CVE-2019-5803: CSP bypass with Javascript URLs'.
- CVE-2019-5804: Command line command injection on Windows.
- ID
- openSUSE-SU-2019:1666-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV
- Published
-
2019-06-28T12:43:15
(5 years ago) - Modified
-
2019-06-28T12:43:15
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2019-1229
-
ALPINE:CVE-2019-5798
-
ALSA-2021:4396
-
ASA-201903-8
-
ASA-201904-12
-
ASA-201905-8
-
ASA-201906-11
-
ASA-201906-4
-
DSA-4421-1
-
DSA-4448-1
-
DSA-4451-1
-
DSA-4500-1
-
ELSA-2019-1265
-
ELSA-2019-1267
-
ELSA-2019-1269
-
ELSA-2019-1308
-
ELSA-2019-1309
-
ELSA-2019-1310
-
ELSA-2021-4396
-
FEDORA-2019-02b81266b7
-
FEDORA-2019-05a780936d
-
FEDORA-2019-3377813d18
-
FEDORA-2019-561eae4626
-
FEDORA-2019-8641591b3c
-
FEDORA-2019-8fb8240d14
-
FEDORA-2019-a01751837d
-
FEDORA-2019-a1af621faf
-
FEDORA-2019-b1636e0b70
-
FEDORA-2019-e5ff5d0ffd
-
FREEBSD:D4FC4599-8F75-11E9-8D9F-3065EC8FD3EC
-
GLSA-201903-23
-
GLSA-201908-18
-
GLSA-202003-16
-
MFSA-2019-14
-
MFSA-2019-15
-
openSUSE-SU-2019:1062-1
-
openSUSE-SU-2019:1325-1
-
openSUSE-SU-2019:1436-1
-
openSUSE-SU-2019:1456-1
-
openSUSE-SU-2019:1488-1
-
openSUSE-SU-2019:1534-1
-
openSUSE-SU-2019:1557-1
-
openSUSE-SU-2019:1558-1
-
openSUSE-SU-2019:1664-1
-
RHSA-2019:0708
-
RHSA-2019:1021
-
RHSA-2019:1243
-
RHSA-2019:1265
-
RHSA-2019:1267
-
RHSA-2019:1269
-
RHSA-2019:1308
-
RHSA-2019:1309
-
RHSA-2019:1310
-
RHSA-2019:1477
-
RHSA-2019:1553
-
RHSA-2021:4396
-
RLSA-2021:4396
-
RUBYSEC:NOKOGIRI-2019-5815
-
SSA:2019-141-01
-
SUSE-SU-2019:1458-1
-
USN-3997-1
-
USN-4205-1
-
USN-5575-1
-
USN-5575-2
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.1 | opensuse |
 chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.1 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-15&repo=suse-package-hub | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-15 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=aarch64&distro=opensuse-leap-15.1 | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.1 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=aarch64&distro=opensuse-leap-15.0 | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.0 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=aarch64&distro=opensuse-15&repo=suse-package-hub | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-15 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromium?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
chromium
|
< 75.0.3770.90-bp150.213.3 | opensuse-12 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.1 | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.1 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-leap-15.0 | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.0 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-15&repo=suse-package-hub | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-15 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=aarch64&distro=opensuse-leap-15.1 | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.1 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=aarch64&distro=opensuse-leap-15.0 | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-leap-15.0 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=aarch64&distro=opensuse-15&repo=suse-package-hub | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-15 | aarch64 | |
| Affected | pkg:rpm/opensuse/chromedriver?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
chromedriver
|
< 75.0.3770.90-bp150.213.3 | opensuse-12 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |