Debian Security Advisory DSA 4562-1 (chromium - security update)
Summary
The remote host is missing an update for the 'chromium' package(s) announced via the DSA-4562-1 advisory.
Insight
Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2019-5869: Zhe Jin discovered a use-after-free issue.
- CVE-2019-5870: Guang Gong discovered a use-after-free issue.
- CVE-2019-5871: A buffer overflow issue was discovered in the skia library.
- CVE-2019-5872: Zhe Jin discovered a use-after-free issue.
- CVE-2019-5874: James Lee discovered an issue with external Uniform Resource Identifiers.
- CVE-2019-5875: Khalil Zhani discovered a URL spoofing issue.
- CVE-2019-5876: Man Yue Mo discovered a use-after-free issue.
- CVE-2019-5877: Guang Gong discovered an out-of-bounds read issue.
- CVE-2019-5878: Guang Gong discovered a use-after-free issue in the v8 JavaScript library.
- CVE-2019-5879: Jinseo Kim discovered that extensions could read files on the local system.
- CVE-2019-5880: Jun Kokatsu discovered a way to bypass the SameSite cookie feature.
- CVE-2019-13659: Lnyas Zhang discovered a URL spoofing issue.
- CVE-2019-13660: Wenxu Wu discovered a user interface error in full screen mode.
- CVE-2019-13661: Wenxu Wu discovered a user interface spoofing issue in full screen mode.
- CVE-2019-13662: David Erceg discovered a way to bypass the Content Security Policy.
- CVE-2019-13663: Lnyas Zhang discovered a way to spoof Internationalized Domain Names.
- CVE-2019-13664: Thomas Shadwell discovered a way to bypass the SameSite cookie feature.
- CVE-2019-13665: Jun Kokatsu discovered a way to bypass the multiple file download protection feature.
- CVE-2019-13666: Tom Van Goethem discovered an information leak.
- CVE-2019-13667: Khalil Zhani discovered a URL spoofing issue.
- CVE-2019-13668: David Erceg discovered an information leak.
- CVE-2019-13669: Khalil Zhani discovered an authentication spoofing issue.
- CVE-2019-13670: Guang Gong discovered a memory corruption issue in the v8 JavaScript library.
- CVE-2019-13671: xisigr discovered a user interface error.
- CVE-2019-13673: David Erceg discovered an information leak.
- CVE-2019-13674: Khalil Zhani discovered a way to spoof Internationalized Domain Names.
- CVE-2019-13675: Jun Kokatsu discovered a way to disable extensions.
- CVE-2019-13676: Wenxu Wu discovered an error in a certificate warning.
- CVE-2019-13677: Jun Kokatsu discovered an error in the chrome web store.
- CVE-2019-13678: Ronni Skansing discovered a spoofing issue in the download dialog window.
- CVE-2019-13679: Conrad Irwin discovered that user activation was not required for printing.
- CVE-2019-13680: Thijs Alkamade discovered an IP address spoofing issue.
- CVE-2019-13681: David Erceg discovered a way to bypass download restrictions.
- CVE-2019-13682: Jun Kokatsu discovered a way to bypass the site iso ...

Description truncated. Please see the references for more information.
Affected Software
'chromium' package(s) on Debian Linux.
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
For the oldstable distribution (stretch), support for chromium has been discontinued. Please upgrade to the stable release (buster) to continue receiving chromium updates or switch to firefox, which continues to be supported in the oldstable release. For the stable distribution (buster), these problems have been fixed in version 78.0.3904.97-1~deb10u1. We recommend that you upgrade your chromium packages.
Common Vulnerabilities and Exposures (CVE)
- CVE-2019-13659
- CVE-2019-13660
- CVE-2019-13661
- CVE-2019-13662
- CVE-2019-13663
- CVE-2019-13664
- CVE-2019-13665
- CVE-2019-13666
- CVE-2019-13667
- CVE-2019-13668
- CVE-2019-13669
- CVE-2019-13670
- CVE-2019-13671
- CVE-2019-13673
- CVE-2019-13674
- CVE-2019-13675
- CVE-2019-13676
- CVE-2019-13677
- CVE-2019-13678
- CVE-2019-13679
- CVE-2019-13680
- CVE-2019-13681
- CVE-2019-13682
- CVE-2019-13683
- CVE-2019-13685
- CVE-2019-13686
- CVE-2019-13687
- CVE-2019-13688
- CVE-2019-13691
- CVE-2019-13692
- CVE-2019-13693
- CVE-2019-13694
- CVE-2019-13695
- CVE-2019-13696
- CVE-2019-13697
- CVE-2019-13699
- CVE-2019-13700
- CVE-2019-13701
- CVE-2019-13702
- CVE-2019-13703
- CVE-2019-13704
- CVE-2019-13705
- CVE-2019-13706
- CVE-2019-13707
- CVE-2019-13708
- CVE-2019-13709
- CVE-2019-13710
- CVE-2019-13711
- CVE-2019-13713
- CVE-2019-13714
- CVE-2019-13715
- CVE-2019-13716
- CVE-2019-13717
- CVE-2019-13718
- CVE-2019-13719
- CVE-2019-13720
- CVE-2019-13721
- CVE-2019-5869
- CVE-2019-5870
- CVE-2019-5871
- CVE-2019-5872
- CVE-2019-5874
- CVE-2019-5875
- CVE-2019-5876
- CVE-2019-5877
- CVE-2019-5878
- CVE-2019-5879
- CVE-2019-5880