Plugins Database As of 12-14-2019

Debian Security Advisory DSA 4562-1 (chromium - security update)

Debian Local Security Checks
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.704562

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary:
The remote host is missing an update for the 'chromium' Linux Distribution Package(s) announced via the DSA-4562-1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Several vulnerabilities have been discovered in the chromium web browser. CVE-2019-5869 Zhe Jin discovered a use-after-free issue. CVE-2019-5870 Guang Gong discovered a use-after-free issue. CVE-2019-5871 A buffer overflow issue was discovered in the skia library. CVE-2019-5872 Zhe Jin discovered a use-after-free issue. CVE-2019-5874 James Lee discovered an issue with external Uniform Resource Identifiers. CVE-2019-5875 Khalil Zhani discovered a URL spoofing issue. CVE-2019-5876 Man Yue Mo discovered a use-after-free issue. CVE-2019-5877 Guang Gong discovered an out-of-bounds read issue. CVE-2019-5878 Guang Gong discovered an use-after-free issue in the v8 javascript library. CVE-2019-5879 Jinseo Kim discover that extensions could read files on the local system. CVE-2019-5880 Jun Kokatsu discovered a way to bypass the SameSite cookie feature. CVE-2019-13659 Lnyas Zhang discovered a URL spoofing issue. CVE-2019-13660 Wenxu Wu discovered a user interface error in full screen mode. CVE-2019-13661 Wenxu Wu discovered a user interface spoofing issue in full screen mode. CVE-2019-13662 David Erceg discovered a way to bypass the Content Security Policy. CVE-2019-13663 Lnyas Zhang discovered a way to spoof Internationalized Domain Names. CVE-2019-13664 Thomas Shadwell discovered a way to bypass the SameSite cookie feature. CVE-2019-13665 Jun Kokatsu discovered a way to bypass the multiple file download protection feature. CVE-2019-13666 Tom Van Goethem discovered an information leak. CVE-2019-13667 Khalil Zhani discovered a URL spoofing issue. CVE-2019-13668 David Erceg discovered an information leak. CVE-2019-13669 Khalil Zhani discovered an authentication spoofing issue. CVE-2019-13670 Guang Gong discovered a memory corruption issue in the v8 javascript library. CVE-2019-13671 xisigr discovered a user interface error. CVE-2019-13673 David Erceg discovered an information leak. CVE-2019-13674 Khalil Zhani discovered a way to spoof Internationalized Domain Names. CVE-2019-13675 Jun Kokatsu discovered a way to disable extensions. CVE-2019-13676 Wenxu Wu discovered an error in a certificate warning. CVE-2019-13677 Jun Kokatsu discovered an error in the chrome web store. CVE-2019-13678 Ronni Skansing discovered a spoofing issue in the download dialog window. CVE-2019-13679 Conrad Irwin discovered that user activation was not required for printing. CVE-2019-13680 Thijs Alkamade discovered an IP address spoofing issue. CVE-2019-13681 David Erceg discovered a way to bypass download restrictions. CVE-2019-13682 Jun Kokatsu discovered a way to bypass the site iso ... Description truncated. Please see the references for more information.

Affected Versions:
'chromium' Linux Distribution Package(s) on Debian Linux.

Recommendations:
For the oldstable distribution (stretch), support for chromium has been discontinued. Please upgrade to the stable release (buster) to continue receiving chromium updates or switch to firefox, which continues to be supported in the oldstable release. For the stable distribution (buster), these problems have been fixed in version 78.0.3904.97-1~deb10u1. We recommend that you upgrade your chromium Linux Distribution Packages.

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Search
Severity
Medium
CVSS Score
5.0
Published
2019-11-12 03:00:49
Modified
2019-11-12 03:00:49
CVE
CVE-2019-13659
CVE-2019-13660
CVE-2019-13661
CVE-2019-13662
CVE-2019-13663
CVE-2019-13664
CVE-2019-13665
CVE-2019-13666
CVE-2019-13667
CVE-2019-13668
CVE-2019-13669
CVE-2019-13670
CVE-2019-13671
CVE-2019-13673
CVE-2019-13674
CVE-2019-13675
CVE-2019-13676
CVE-2019-13677
CVE-2019-13678
CVE-2019-13679
CVE-2019-13680
CVE-2019-13681
CVE-2019-13682
CVE-2019-13683
CVE-2019-13685
CVE-2019-13686
CVE-2019-13687
CVE-2019-13688
CVE-2019-13691
CVE-2019-13692
CVE-2019-13693
CVE-2019-13694
CVE-2019-13695
CVE-2019-13696
CVE-2019-13697
CVE-2019-13699
CVE-2019-13700
CVE-2019-13701
CVE-2019-13702
CVE-2019-13703
CVE-2019-13704
CVE-2019-13705
CVE-2019-13706
CVE-2019-13707
CVE-2019-13708
CVE-2019-13709
CVE-2019-13710
CVE-2019-13711
CVE-2019-13713
CVE-2019-13714
CVE-2019-13715
CVE-2019-13716
CVE-2019-13717
CVE-2019-13718
CVE-2019-13719
CVE-2019-13720
CVE-2019-13721
CVE-2019-5869
CVE-2019-5870
CVE-2019-5871
CVE-2019-5872
CVE-2019-5874
CVE-2019-5875
CVE-2019-5876
CVE-2019-5877
CVE-2019-5878
CVE-2019-5879
CVE-2019-5880

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.