Debian Security Advisory
DSA-4575-1 chromium -- security update
- Date Reported:
- 24 Nov 2019
- Affected Packages:
- chromium
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-13723, CVE-2019-13724.
- More information:
-
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2019-13723
Yuxiang Li discovered a use-after-free issue in the bluetooth service.
- CVE-2019-13724
Yuxiang Li discovered an out-of-bounds read issue in the bluetooth service.
For the oldstable distribution (stretch), security support for the chromium package has been discontinued.
For the stable distribution (buster), these problems have been fixed in version 78.0.3904.108-1~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium
- CVE-2019-13723