[3.10] chromium: Multiple vulnerabilities (CVE-2019-5824, CVE-2019-5825, CVE…CVE-2019-5838, CVE-2019-5839, CVE-2019-5840)
CVE-2019-5825: Out-of-bounds write in V8
CVE-2019-5826: Use-after-free in IndexedDB
CVE-2019-5827: Out-of-bounds access in SQLite
CVE-2019-5824: Parameter passing error in media player
Fixed In Version:
chromium 74.0.3729.131
Reference:
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop\_30.html
CVE-2019-5828: Use after free in ServiceWorker.
CVE-2019-5829: Use after free in Download Manager.
CVE-2019-5830: Incorrectly credentialed requests in CORS.
CVE-2019-5831: Incorrect map processing in V8.
CVE-2019-5832: Incorrect CORS handling in XHR.
CVE-2019-5833: Inconsistent security UI placement.
CVE-2019-5835: Out of bounds read in Swiftshader.
CVE-2019-5836: Heap buffer overflow in Angle.
CVE-2019-5837: Cross-origin resources size disclosure in Appcache .
CVE-2019-5838: Overly permissive tab access in Extensions.
CVE-2019-5839: Incorrect handling of certain code points in Blink.
CVE-2019-5840: Popup blocker bypass.
Fixed In Version:
Chromium 75.0.3770.80
Reference:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
(from redmine: issue id 10596, created on 2019-06-21)
- Relations:
- parent #10594