Debian Security Advisory DSA-4421-1 chromium security update
Package : chromium
CVE ID : CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790
CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794
CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798
CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2019-5787
Zhe Jin discovered a use-after-free issue.
CVE-2019-5788
Mark Brand discovered a use-after-free issue in the in the FileAPI
implementation.
CVE-2019-5789
Mark Brand discovered a use-after-free issue in the in the WebMIDI
implementation.
CVE-2019-5790
Dimitri Fourny discovered a buffer overflow issue in the v8 javascript
library.
CVE-2019-5791
Choongwoo Han discovered a type confusion issue in the v8 javascript
library.
CVE-2019-5792
pdknsk discovered an integer overflow issue in the pdfium library.
CVE-2019-5793
Jun Kokatsu discovered a permissions issue in the Extensions
implementation.
CVE-2019-5794
Juno Im of Theori discovered a user interface spoofing issue.
CVE-2019-5795
pdknsk discovered an integer overflow issue in the pdfium library.
CVE-2019-5796
Mark Brand discovered a race condition in the Extensions implementation.
CVE-2019-5797
Mark Brand discovered a race condition in the DOMStorage implementation.
CVE-2019-5798
Tran Tien Hung disoceved an out-of-bounds read issue in the skia library.
CVE-2019-5799
sohalt discovered a way to bypass the Content Security Policy.
CVE-2019-5800
Jun Kokatsu discovered a way to bypass the Content Security Policy.
CVE-2019-5802
Ronni Skansing discovered a user interface spoofing issue.
CVE-2019-5803
Andrew Comminos discovered a way to bypass the Content Security Policy.
These problems have been fixed in version 73.0.3683.75-1~deb9u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium