[3.10] chromium: Multiple vulnerabilities (CVE-2019-5824, CVE-2019-5825, CVE…CVE-2019-5838, CVE-2019-5839, CVE-2019-5840) (#10596) · Issues · alpine / aports

[3.10] chromium: Multiple vulnerabilities (CVE-2019-5824, CVE-2019-5825, CVE…CVE-2019-5838, CVE-2019-5839, CVE-2019-5840)

CVE-2019-5825: Out-of-bounds write in V8
CVE-2019-5826: Use-after-free in IndexedDB
CVE-2019-5827: Out-of-bounds access in SQLite
CVE-2019-5824: Parameter passing error in media player

Fixed In Version:

chromium 74.0.3729.131

Reference:

https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop\_30.html

CVE-2019-5828: Use after free in ServiceWorker.
CVE-2019-5829: Use after free in Download Manager.
CVE-2019-5830: Incorrectly credentialed requests in CORS.
CVE-2019-5831: Incorrect map processing in V8.
CVE-2019-5832: Incorrect CORS handling in XHR.
CVE-2019-5833: Inconsistent security UI placement.
CVE-2019-5835: Out of bounds read in Swiftshader.
CVE-2019-5836: Heap buffer overflow in Angle.
CVE-2019-5837: Cross-origin resources size disclosure in Appcache .
CVE-2019-5838: Overly permissive tab access in Extensions.
CVE-2019-5839: Incorrect handling of certain code points in Blink.
CVE-2019-5840: Popup blocker bypass.

Fixed In Version:

Chromium 75.0.3770.80

Reference:

https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html

(from redmine: issue id 10596, created on 2019-06-21)

Relations:
- parent #10594

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information