Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title : chromium security update
Information
Name : DSA-4500
First vendor Publication : 2019-08-12
Vendor : Debian
Last vendor Modification : 2019-08-12
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2019-5805

A use-after-free issue was discovered in the pdfium library.

CVE-2019-5806

Wen Xu discovered an integer overflow issue in the Angle library.

CVE-2019-5807

TimGMichaud discovered a memory corruption issue in the v8 javascript library.

CVE-2019-5808

cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5809

Mark Brand discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5810

Mark Amery discovered an information disclosure issue.

CVE-2019-5811

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

CVE-2019-5813

Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 javascript library.

CVE-2019-5814

@AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature.

CVE-2019-5815

Nicolas Grégoire discovered a buffer overflow issue in Blink/Webkit.

CVE-2019-5818

Adrian Tolbaru discovered an uninitialized value issue.

CVE-2019-5819

Svyat Mitin discovered an error in the developer tools.

CVE-2019-5820

pdknsk discovered an integer overflow issue in the pdfium library.

CVE-2019-5821

pdknsk discovered another integer overflow issue in the pdfium library.

CVE-2019-5822

Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

CVE-2019-5823

David Erceg discovered a navigation error.

CVE-2019-5824

leecraso and Guang Gong discovered an error in the media player.

CVE-2019-5825

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 javascript library.

CVE-2019-5826

Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue.

CVE-2019-5827

mlfbrown discovered an out-of-bounds read issue in the sqlite library.

CVE-2019-5828

leecraso and Guang Gong discovered a use-after-free issue.

CVE-2019-5829

Lucas Pinheiro discovered a use-after-free issue.

CVE-2019-5830

Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature.

CVE-2019-5831

yngwei discovered a map error in the v8 javascript library.

CVE-2019-5832

Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature.

CVE-2019-5833

Khalil Zhani discovered a user interface error.

CVE-2019-5834

Khalil Zhani discovered a URL spoofing issue.

CVE-2019-5836

Omair discovered a buffer overflow issue in the Angle library.

CVE-2019-5837

Adam Iawniuk discovered an information disclosure issue.

CVE-2019-5838

David Erceg discovered an error in extension permissions.

CVE-2019-5839

Masato Kinugawa discovered implementation errors in Blink/Webkit.

CVE-2019-5840

Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

CVE-2019-5842

BUGFENSE discovered a use-after-free issue in Blink/Webkit.

CVE-2019-5847

m3plex discovered an error in the v8 javascript library.

CVE-2019-5848

Mark Amery discovered an information disclosure issue.

CVE-2019-5849

Zhen Zhou discovered an out-of-bounds read in the Skia library.

CVE-2019-5850

Brendon Tiszka discovered a use-after-free issue in the offline page fetcher.

CVE-2019-5851

Zhe Jin discovered a use-after-poison issue.

CVE-2019-5852

David Erceg discovered an information disclosure issue.

CVE-2019-5853

Yngwei and sakura discovered a memory corruption issue.

CVE-2019-5854

Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5855

Zhen Zhou discovered an integer overflow issue in the pdfium library.

CVE-2019-5856

Yongke Wang discovered an error related to file system URL permissions.

CVE-2019-5857

cloudfuzzer discovered a way to crash chromium.

CVE-2019-5858

evil1m0 discovered an information disclosure issue.

CVE-2019-5859

James Lee discovered a way to launch alternative browsers.

CVE-2019-5860

A use-after-free issue was discovered in the v8 javascript library.

CVE-2019-5861

Robin Linus discovered an error determining click location.

CVE-2019-5862

Jun Kokatsu discovered an error in the AppCache implementation.

CVE-2019-5864

Devin Grindle discovered an error in the Cross-Origin Resource Sharing feature for extensions.

CVE-2019-5865

Ivan Fratric discovered a way to bypass the site isolation feature.

CVE-2019-5867

Lucas Pinheiro discovered an out-of-bounds read issue in the v8 javascript library.

CVE-2019-5868

banananapenguin discovered a use-after-free issue in the v8 javascript library.

For the stable distribution (buster), these problems have been fixed in version 76.0.3809.100-1~deb10u1.

We recommend that you upgrade your chromium packages.
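
One way to check whether an installed chromium version is at or past the fixed buster version stated above, as an added example that is not part of the Debian advisory. It is a simplified Python reimplementation of Debian version ordering (epoch, numeric runs, `~` sorting before everything, even end of string); the function names are hypothetical and any sample versions fed to it are constructed.

```python
import re

# Fixed version for buster, as stated in DSA-4500.
FIXED_BUSTER = "76.0.3809.100-1~deb10u1"

def _order(ch):
    """dpkg character order: '~' first, then end of string (0), letters, others."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    ra, rb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    width = max(len(ra), len(rb))
    ra += [("", "")] * (width - len(ra))
    rb += [("", "")] * (width - len(rb))
    for (ta, na), (tb, nb) in zip(ra, rb):
        for k in range(max(len(ta), len(tb))):
            oa = _order(ta[k]) if k < len(ta) else 0
            ob = _order(tb[k]) if k < len(tb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)  # numeric, so 87 < 100
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); missing epoch/revision count as 0."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, va = _split(a)
    eb, ub, vb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(va, vb)

def is_patched(installed, fixed=FIXED_BUSTER):
    """True when the installed version is the fixed version or newer."""
    return deb_cmp(installed, fixed) >= 0
```

On a Debian host the same comparison is available natively: read the installed version with `dpkg-query -W -f='${Version}' chromium` and test it with `dpkg --compare-versions <installed> ge 76.0.3809.100-1~deb10u1`.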

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium

Original Source

Url : http://www.debian.org/security/2019/dsa-4500

CWE : Common Weakness Enumeration

% Id Name
35 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
16 % CWE-416 Use After Free
16 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
13 % CWE-20 Improper Input Validation
3 % CWE-601 URL Redirection to Untrusted Site ('Open Redirect') (CWE/SANS Top 25)
3 % CWE-362 Race Condition
3 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
3 % CWE-312 Cleartext Storage of Sensitive Information
3 % CWE-284 Access Control (Authorization) Issues
3 % CWE-19 Data Handling

CPE : Common Platform Enumeration

Type Description Count
Application