OPENSUSE-SU-2019:1666-1
Vulnerability Summary
Timeline
Description
Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287): * CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332: * CVE-2019-5828: Use after free in ServiceWorker * CVE-2019-5829: Use after free in Download Manager * CVE-2019-5830: Incorrectly credentialed requests in CORS * CVE-2019-5831: Incorrect map processing in V8 * CVE-2019-5832: Incorrect CORS handling in XHR * CVE-2019-5833: Inconsistent security UI placemen * CVE-2019-5835: Out of bounds read in Swiftshader * CVE-2019-5836: Heap buffer overflow in Angle * CVE-2019-5837: Cross-origin resources size disclosure in Appcache * CVE-2019-5838: Overly permissive tab access in Extensions * CVE-2019-5839: Incorrect handling of certain code points in Blink * CVE-2019-5840: Popup blocker bypass * Various fixes from internal audits, fuzzing and other initiatives * CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169: * Feature fixes update only Update to 74.0.3729.157: * Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): * CVE-2019-5827: Out-of-bounds access in SQLite * CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313: * CVE-2019-5805: Use after free in PDFium * CVE-2019-5806: Integer overflow in Angle * CVE-2019-5807: Memory corruption in V8 * CVE-2019-5808: Use after free in Blink * CVE-2019-5809: Use after free in Blink * CVE-2019-5810: User information disclosure in Autofill * CVE-2019-5811: CORS bypass in Blink * CVE-2019-5813: Out of bounds read in V8 * CVE-2019-5814: CORS bypass in Blink * CVE-2019-5815: Heap buffer overflow in Blink * CVE-2019-5818: Uninitialized value in media reader * CVE-2019-5819: Incorrect escaping in developer tools * CVE-2019-5820: Integer overflow in PDFium * CVE-2019-5821: Integer overflow in PDFium * CVE-2019-5822: CORS bypass in download manager * CVE-2019-5823: Forced navigation from service worker * CVE-2019-5812: URL spoof in Omnibox on iOS * CVE-2019-5816: Exploit persistence extension on Android * CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103: * Various feature fixes Update to 73.0.3683.86: * Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059: * CVE-2019-5787: Use after free in Canvas. * CVE-2019-5788: Use after free in FileAPI. * CVE-2019-5789: Use after free in WebMIDI. * CVE-2019-5790: Heap buffer overflow in V8. * CVE-2019-5791: Type confusion in V8. * CVE-2019-5792: Integer overflow in PDFium. * CVE-2019-5793: Excessive permissions for private API in Extensions. * CVE-2019-5794: Security UI spoofing. * CVE-2019-5795: Integer overflow in PDFium. * CVE-2019-5796: Race condition in Extensions. * CVE-2019-5797: Race condition in DOMStorage. * CVE-2019-5798: Out of bounds read in Skia. * CVE-2019-5799: CSP bypass with blob URL. * CVE-2019-5800: CSP bypass with blob URL. * CVE-2019-5801: Incorrect Omnibox display on iOS. * CVE-2019-5802: Security UI spoofing. * CVE-2019-5803: CSP bypass with Javascript URLs'. * CVE-2019-5804: Command line command injection on Windows.
Affected Systems
- opensuse•chromium&distro=openSUSE Leap 15.0
< 75.0.3770.90-bp150.213.3
- opensuse•chromium&distro=openSUSE Leap 15.1
< 75.0.3770.90-bp150.213.3
- suse•chromium&distro=SUSE Package Hub 12 SP3
< 75.0.3770.90-bp150.213.3
- suse•chromium&distro=SUSE Package Hub 15
< 75.0.3770.90-bp150.213.3
References (59)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV
- https://bugzilla.suse.com/1129059
- https://bugzilla.suse.com/1133313
- https://bugzilla.suse.com/1134218
- https://bugzilla.suse.com/1137332
- https://bugzilla.suse.com/1138287
- https://www.suse.com/security/cve/CVE-2019-5787
- https://www.suse.com/security/cve/CVE-2019-5788
- https://www.suse.com/security/cve/CVE-2019-5789
- https://www.suse.com/security/cve/CVE-2019-5790
- https://www.suse.com/security/cve/CVE-2019-5791
- https://www.suse.com/security/cve/CVE-2019-5792
- https://www.suse.com/security/cve/CVE-2019-5793
- https://www.suse.com/security/cve/CVE-2019-5794
- https://www.suse.com/security/cve/CVE-2019-5795
- https://www.suse.com/security/cve/CVE-2019-5796
- https://www.suse.com/security/cve/CVE-2019-5797
- https://www.suse.com/security/cve/CVE-2019-5798
- https://www.suse.com/security/cve/CVE-2019-5799
- https://www.suse.com/security/cve/CVE-2019-5800
- https://www.suse.com/security/cve/CVE-2019-5801
- https://www.suse.com/security/cve/CVE-2019-5802
- https://www.suse.com/security/cve/CVE-2019-5803
- https://www.suse.com/security/cve/CVE-2019-5804
- https://www.suse.com/security/cve/CVE-2019-5805
- https://www.suse.com/security/cve/CVE-2019-5806
- https://www.suse.com/security/cve/CVE-2019-5807
- https://www.suse.com/security/cve/CVE-2019-5808
- https://www.suse.com/security/cve/CVE-2019-5809
- https://www.suse.com/security/cve/CVE-2019-5810
- https://www.suse.com/security/cve/CVE-2019-5811
- https://www.suse.com/security/cve/CVE-2019-5812
- https://www.suse.com/security/cve/CVE-2019-5813
- https://www.suse.com/security/cve/CVE-2019-5814
- https://www.suse.com/security/cve/CVE-2019-5815
- https://www.suse.com/security/cve/CVE-2019-5816
- https://www.suse.com/security/cve/CVE-2019-5817
- https://www.suse.com/security/cve/CVE-2019-5818
- https://www.suse.com/security/cve/CVE-2019-5819
- https://www.suse.com/security/cve/CVE-2019-5820
- https://www.suse.com/security/cve/CVE-2019-5821
- https://www.suse.com/security/cve/CVE-2019-5822
- https://www.suse.com/security/cve/CVE-2019-5823
- https://www.suse.com/security/cve/CVE-2019-5824
- https://www.suse.com/security/cve/CVE-2019-5827
- https://www.suse.com/security/cve/CVE-2019-5828
- https://www.suse.com/security/cve/CVE-2019-5829
- https://www.suse.com/security/cve/CVE-2019-5830
- https://www.suse.com/security/cve/CVE-2019-5831
- https://www.suse.com/security/cve/CVE-2019-5832
- https://www.suse.com/security/cve/CVE-2019-5833
- https://www.suse.com/security/cve/CVE-2019-5834
- https://www.suse.com/security/cve/CVE-2019-5835
- https://www.suse.com/security/cve/CVE-2019-5836
- https://www.suse.com/security/cve/CVE-2019-5837
- https://www.suse.com/security/cve/CVE-2019-5838
- https://www.suse.com/security/cve/CVE-2019-5839
- https://www.suse.com/security/cve/CVE-2019-5840
- https://www.suse.com/security/cve/CVE-2019-5842