Debian Security Advisory
DSA-4395-1 chromium -- security update
- Date Reported:
- 18 Feb 2019
- Affected Packages:
- chromium
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-17481, CVE-2019-5754, CVE-2019-5755, CVE-2019-5756, CVE-2019-5757, CVE-2019-5758, CVE-2019-5759, CVE-2019-5760, CVE-2019-5762, CVE-2019-5763, CVE-2019-5764, CVE-2019-5765, CVE-2019-5766, CVE-2019-5767, CVE-2019-5768, CVE-2019-5769, CVE-2019-5770, CVE-2019-5772, CVE-2019-5773, CVE-2019-5774, CVE-2019-5775, CVE-2019-5776, CVE-2019-5777, CVE-2019-5778, CVE-2019-5779, CVE-2019-5780, CVE-2019-5781, CVE-2019-5782, CVE-2019-5783, CVE-2019-5784.
- More information:
-
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2018-17481
A use-after-free issue was discovered in the pdfium library.
- CVE-2019-5754
Klzgrad discovered an error in the QUIC networking implementation.
- CVE-2019-5755
Jay Bosamiya discovered an implementation error in the v8 javascript library.
- CVE-2019-5756
A use-after-free issue was discovered in the pdfium library.
- CVE-2019-5757
Alexandru Pitis discovered a type confusion error in the SVG image format implementation.
- CVE-2019-5758
Zhe Jin discovered a use-after-free issue in blink/webkit.
- CVE-2019-5759
Almog Benin discovered a use-after-free issue when handling HTML pages containing select elements.
- CVE-2019-5760
Zhe Jin discovered a use-after-free issue in the WebRTC implementation.
- CVE-2019-5762
A use-after-free issue was discovered in the pdfium library.
- CVE-2019-5763
Guang Gon discovered an input validation error in the v8 javascript library.
- CVE-2019-5764
Eyal Itkin discovered a use-after-free issue in the WebRTC implementation.
- CVE-2019-5765
Sergey Toshin discovered a policy enforcement error.
- CVE-2019-5766
David Erceg discovered a policy enforcement error.
- CVE-2019-5767
Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao reported an error in the WebAPKs user interface.
- CVE-2019-5768
Rob Wu discovered a policy enforcement error in the developer tools.
- CVE-2019-5769
Guy Eshel discovered an input validation error in blink/webkit.
- CVE-2019-5770
hemidallt discovered a buffer overflow issue in the WebGL implementation.
- CVE-2019-5772
Zhen Zhou discovered a use-after-free issue in the pdfium library.
- CVE-2019-5773
Yongke Wong discovered an input validation error in the IndexDB implementation.
- CVE-2019-5774
Junghwan Kang and Juno Im discovered an input validation error in the SafeBrowsing implementation.
- CVE-2019-5775
evil1m0 discovered a policy enforcement error.
- CVE-2019-5776
Lnyas Zhang discovered a policy enforcement error.
- CVE-2019-5777
Khalil Zhani discovered a policy enforcement error.
- CVE-2019-5778
David Erceg discovered a policy enforcement error in the Extensions implementation.
- CVE-2019-5779
David Erceg discovered a policy enforcement error in the ServiceWorker implementation.
- CVE-2019-5780
Andreas Hegenberg discovered a policy enforcement error.
- CVE-2019-5781
evil1m0 discovered a policy enforcement error.
- CVE-2019-5782
Qixun Zhao discovered an implementation error in the v8 javascript library.
- CVE-2019-5783
Shintaro Kobori discovered an input validation error in the developer tools.
- CVE-2019-5784
Lucas Pinheiro discovered an implementation error in the v8 javascript library.
For the stable distribution (stretch), these problems have been fixed in version 72.0.3626.96-1~deb9u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium
- CVE-2018-17481