Executive Summary
Summary | |
---|---|
Title | chromium security update |
Informations | |||
---|---|---|---|
Name | DSA-4500 | First vendor Publication | 2019-08-12 |
Vendor | Debian | Last vendor Modification | 2019-08-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5805 A use-after-free issue was discovered in the pdfium library. CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library. CVE-2019-5807 TimGMichaud discovered a memory corruption issue in the v8 javascript library. CVE-2019-5808 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. CVE-2019-5809 Mark Brand discovered a use-after-free issue in Blink/Webkit. CVE-2019-5810 Mark Amery discovered an information disclosure issue. CVE-2019-5811 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. CVE-2019-5813 Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 javascript library. CVE-2019-5814 @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature. CVE-2019-5815 Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit. CVE-2019-5818 Adrian Tolbaru discovered an uninitialized value issue. CVE-2019-5819 Svyat Mitin discovered an error in the developer tools. CVE-2019-5820 pdknsk discovered an integer overflow issue in the pdfium library. CVE-2019-5821 pdknsk discovered another integer overflow issue in the pdfium library. CVE-2019-5822 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature. CVE-2019-5823 David Erceg discovered a navigation error. CVE-2019-5824 leecraso and Guang Gong discovered an error in the media player. CVE-2019-5825 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 javascript library. CVE-2019-5826 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue. CVE-2019-5827 mlfbrown discovered an out-of-bounds read issue in the sqlite library. CVE-2019-5828 leecraso and Guang Gong discovered a use-after-free issue. CVE-2019-5829 Lucas Pinheiro discovered a use-after-free issue. CVE-2019-5830 Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature. CVE-2019-5831 yngwei discovered a map error in the v8 javascript library. CVE-2019-5832 Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature. CVE-2019-5833 Khalil Zhani discovered a user interface error. CVE-2019-5834 Khalil Zhani discovered a URL spoofing issue. CVE-2019-5836 Omair discovered a buffer overflow issue in the Angle library. CVE-2019-5837 Adam Iawniuk discovered an information disclosure issue. CVE-2019-5838 David Erceg discovered an error in extension permissions. CVE-2019-5839 Masato Kinugawa discovered implementation errors in Blink/Webkit. CVE-2019-5840 Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker. CVE-2019-5842 BUGFENSE discovered a use-after-free issue in Blink/Webkit. CVE-2019-5847 m3plex discovered an error in the v8 javascript library. CVE-2019-5848 Mark Amery discovered an information disclosure issue. CVE-2019-5849 Zhen Zhou discovered an out-of-bounds read in the Skia library. CVE-2019-5850 Brendon Tiszka discovered a use-after-free issue in the offline page fetcher. CVE-2019-5851 Zhe Jin discovered a use-after-poison issue. CVE-2019-5852 David Erceg discovered an information disclosure issue. CVE-2019-5853 Yngwei and sakura discovered a memory corruption issue. CVE-2019-5854 Zhen Zhou discovered an integer overflow issue in the pdfium library. CVE-2019-5855 Zhen Zhou discovered an integer overflow issue in the pdfium library. CVE-2019-5856 Yongke Wang discovered an error related to file system URL permissions. CVE-2019-5857 cloudfuzzer discovered a way to crash chromium. CVE-2019-5858 evil1m0 discovered an information disclosure issue. CVE-2019-5859 James Lee discovered a way to launch alternative browsers. CVE-2019-5860 A use-after-free issue was discovered in the v8 javascript library. CVE-2019-5861 Robin Linus discovered an error determining click location. CVE-2019-5862 Jun Kokatsu discovered an error in the AppCache implementation. CVE-2019-5864 Devin Grindle discovered an error in the Cross-Origin Resourse Sharing feature for extensions. CVE-2019-5865 Ivan Fratric discovered a way to bypass the site isolation feature. CVE-2019-5867 Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript library. CVE-2019-5868 banananapenguin discovered a use-after-free issue in the v8 javascript library. For the stable distribution (buster), these problems have been fixed in version 76.0.3809.100-1~deb10u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium |
Original Source
Url : http://www.debian.org/security/2019/dsa-4500 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
17 % | CWE-416 | Use After Free |
17 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
7 % | CWE-20 | Improper Input Validation |
3 % | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') (CWE/SANS Top 25) |
3 % | CWE-362 | Race Condition |
3 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
3 % | CWE-346 | Origin Validation Error |
3 % | CWE-312 | Cleartext Storage of Sensitive Information |
3 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2019-08-13 09:18:26 |
|