Описание
Security update for chromium
This update for chromium to version 75.0.3770.80 fixes the following issues:
Security issues fixed:
- CVE-2019-5828: Fixed a Use after free in ServiceWorker
- CVE-2019-5829: Fixed Use after free in Download Manager
- CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS
- CVE-2019-5831: Fixed an incorrect map processing in V8
- CVE-2019-5832: Fixed an incorrect CORS handling in XHR
- CVE-2019-5833: Fixed an inconsistent security UI placemen
- CVE-2019-5835: Fixed an out of bounds read in Swiftshader
- CVE-2019-5836: Fixed a heap buffer overflow in Angle
- CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache
- CVE-2019-5838: Fixed an overly permissive tab access in Extensions
- CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink
- CVE-2019-5840: Fixed a popup blocker bypass
Список пакетов
openSUSE Leap 15.0
Ссылки
- E-Mail link for openSUSE-SU-2019:1558-1
- SUSE Security Ratings
- SUSE Bug 1137332
- SUSE CVE CVE-2019-5828 page
- SUSE CVE CVE-2019-5829 page
- SUSE CVE CVE-2019-5830 page
- SUSE CVE CVE-2019-5831 page
- SUSE CVE CVE-2019-5832 page
- SUSE CVE CVE-2019-5833 page
- SUSE CVE CVE-2019-5834 page
- SUSE CVE CVE-2019-5835 page
- SUSE CVE CVE-2019-5836 page
- SUSE CVE CVE-2019-5837 page
- SUSE CVE CVE-2019-5838 page
- SUSE CVE CVE-2019-5839 page
- SUSE CVE CVE-2019-5840 page
Описание
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5828
- SUSE Bug 1137332
Описание
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5829
- SUSE Bug 1137332
Описание
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5830
- SUSE Bug 1137332
Описание
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5831
- SUSE Bug 1137332
Описание
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5832
- SUSE Bug 1137332
Описание
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5833
- SUSE Bug 1137332
Описание
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5834
- SUSE Bug 1137332
Описание
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5835
- SUSE Bug 1137332
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5836
- SUSE Bug 1137332
Описание
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5837
- SUSE Bug 1137332
Описание
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2019-5838
- SUSE Bug 1137332
Описание
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
Затронутые продукты
Ссылки
- CVE-2019-5839
- SUSE Bug 1137332
Описание
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2019-5840
- SUSE Bug 1137332