Description
Security update for chromium
This update for chromium fixes the following issues:
Security update to version 74.0.3729.108 (boo#1133313).
Security issues fixed:
- CVE-2019-5805: Use after free in PDFium
- CVE-2019-5806: Integer overflow in Angle
- CVE-2019-5807: Memory corruption in V8
- CVE-2019-5808: Use after free in Blink
- CVE-2019-5809: Use after free in Blink
- CVE-2019-5810: User information disclosure in Autofill
- CVE-2019-5811: CORS bypass in Blink
- CVE-2019-5813: Out of bounds read in V8
- CVE-2019-5814: CORS bypass in Blink
- CVE-2019-5815: Heap buffer overflow in Blink
- CVE-2019-5818: Uninitialized value in media reader
- CVE-2019-5819: Incorrect escaping in developer tools
- CVE-2019-5820: Integer overflow in PDFium
- CVE-2019-5821: Integer overflow in PDFium
- CVE-2019-5822: CORS bypass in download manager
- CVE-2019-5823: Forced navigation from service worker
Bug fixes:
- Update to 73.0.3686.103:
  - Various feature fixes
- Update to 73.0.3683.86:
  - Various feature fixes
- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available
- Rebase chromium-vaapi.patch to match up the Fedora one
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2019:1324-1
- SUSE Security Ratings
Description
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Affected products
References
- CVE-2019-5805
- SUSE Bug 1133313
Description
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2019-5806
- SUSE Bug 1133313
Description
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2019-5807
- SUSE Bug 1133313
Description
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2019-5808
- SUSE Bug 1133313
Description
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Affected products
References
- CVE-2019-5809
- SUSE Bug 1133313
Description
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Affected products
References
- CVE-2019-5810
- SUSE Bug 1133313
Description
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Affected products
References
- CVE-2019-5811
- SUSE Bug 1133313
Description
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2019-5813
- SUSE Bug 1133313
Description
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2019-5814
- SUSE Bug 1133313
Description
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
Affected products
References
- CVE-2019-5815
- SUSE Bug 1133313
Description
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
Affected products
References
- CVE-2019-5818
- SUSE Bug 1133313
Description
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Affected products
References
- CVE-2019-5819
- SUSE Bug 1133313
Description
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Affected products
References
- CVE-2019-5820
- SUSE Bug 1133313
Description
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Affected products
References
- CVE-2019-5821
- SUSE Bug 1133313
Description
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Affected products
References
- CVE-2019-5822
- SUSE Bug 1133313
Description
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2019-5823
- SUSE Bug 1133313