{"id":"openSUSE-SU-2019:1666-1","summary":"Security update for chromium","details":"This update for chromium fixes the following issues:\n\nChromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287):\n\n* CVE-2019-5842: Use-after-free in Blink.\n\n\nAlso updated to 75.0.3770.80 boo#1137332:\n\n* CVE-2019-5828: Use after free in ServiceWorker\n* CVE-2019-5829: Use after free in Download Manager\n* CVE-2019-5830: Incorrectly credentialed requests in CORS\n* CVE-2019-5831: Incorrect map processing in V8\n* CVE-2019-5832: Incorrect CORS handling in XHR\n* CVE-2019-5833: Inconsistent security UI placement\n* CVE-2019-5835: Out of bounds read in Swiftshader\n* CVE-2019-5836: Heap buffer overflow in Angle\n* CVE-2019-5837: Cross-origin resources size disclosure in Appcache\n* CVE-2019-5838: Overly permissive tab access in Extensions\n* CVE-2019-5839: Incorrect handling of certain code points in Blink\n* CVE-2019-5840: Popup blocker bypass\n* Various fixes from internal audits, fuzzing and other initiatives\n* CVE-2019-5834: URL spoof in Omnibox on iOS\n\nUpdate to 74.0.3729.169:\n\n* Feature fixes update only\n\nUpdate to 74.0.3729.157:\n\n* Various security fixes from internal audits, fuzzing and other\ninitiatives\n\nIncludes security fixes from 74.0.3729.131 (boo#1134218):\n\n* CVE-2019-5827: Out-of-bounds access in SQLite\n* CVE-2019-5824: Parameter passing error in media player\n\nUpdate to 74.0.3729.108 boo#1133313:\n\n* CVE-2019-5805: Use after free in PDFium\n* CVE-2019-5806: Integer overflow in Angle\n* CVE-2019-5807: Memory corruption in V8\n* CVE-2019-5808: Use after free in Blink\n* CVE-2019-5809: Use after free in Blink\n* CVE-2019-5810: User information disclosure in Autofill\n* CVE-2019-5811: CORS bypass in Blink\n* CVE-2019-5813: Out of bounds read in V8\n* CVE-2019-5814: CORS bypass in Blink\n* CVE-2019-5815: Heap buffer overflow in Blink\n* CVE-2019-5818: Uninitialized value in media reader\n* CVE-2019-5819: Incorrect escaping in developer tools\n* 
CVE-2019-5820: Integer overflow in PDFium\n* CVE-2019-5821: Integer overflow in PDFium\n* CVE-2019-5822: CORS bypass in download manager\n* CVE-2019-5823: Forced navigation from service worker\n* CVE-2019-5812: URL spoof in Omnibox on iOS\n* CVE-2019-5816: Exploit persistence extension on Android\n* CVE-2019-5817: Heap buffer overflow in Angle on Windows\n\nUpdate to 73.0.3686.103:\n* Various feature fixes\n\nUpdate to 73.0.3683.86:\n\n* Just feature fixes around\n\n- Update conditions to use system harfbuzz on TW+\n- Require java during build\n- Enable using pipewire when available\n- Rebase chromium-vaapi.patch to match up the Fedora one\n\nUpdate to 73.0.3683.75 boo#1129059:\n\n* CVE-2019-5787: Use after free in Canvas.\n* CVE-2019-5788: Use after free in FileAPI.\n* CVE-2019-5789: Use after free in WebMIDI.\n* CVE-2019-5790: Heap buffer overflow in V8.\n* CVE-2019-5791: Type confusion in V8.\n* CVE-2019-5792: Integer overflow in PDFium.\n* CVE-2019-5793: Excessive permissions for private API in Extensions.\n* CVE-2019-5794: Security UI spoofing.\n* CVE-2019-5795: Integer overflow in PDFium.\n* CVE-2019-5796: Race condition in Extensions.\n* CVE-2019-5797: Race condition in DOMStorage.\n* CVE-2019-5798: Out of bounds read in Skia.\n* CVE-2019-5799: CSP bypass with blob URL.\n* CVE-2019-5800: CSP bypass with blob URL.\n* CVE-2019-5801: Incorrect Omnibox display on iOS.\n* CVE-2019-5802: Security UI spoofing.\n* CVE-2019-5803: CSP bypass with Javascript URLs.\n* CVE-2019-5804: Command line command injection on 
Windows.\n\n","modified":"2026-02-04T04:07:31.880408Z","published":"2019-06-28T12:43:15Z","related":["CVE-2019-5787","CVE-2019-5788","CVE-2019-5789","CVE-2019-5790","CVE-2019-5791","CVE-2019-5792","CVE-2019-5793","CVE-2019-5794","CVE-2019-5795","CVE-2019-5796","CVE-2019-5797","CVE-2019-5798","CVE-2019-5799","CVE-2019-5800","CVE-2019-5801","CVE-2019-5802","CVE-2019-5803","CVE-2019-5804","CVE-2019-5805","CVE-2019-5806","CVE-2019-5807","CVE-2019-5808","CVE-2019-5809","CVE-2019-5810","CVE-2019-5811","CVE-2019-5812","CVE-2019-5813","CVE-2019-5814","CVE-2019-5815","CVE-2019-5816","CVE-2019-5817","CVE-2019-5818","CVE-2019-5819","CVE-2019-5820","CVE-2019-5821","CVE-2019-5822","CVE-2019-5823","CVE-2019-5824","CVE-2019-5827","CVE-2019-5828","CVE-2019-5829","CVE-2019-5830","CVE-2019-5831","CVE-2019-5832","CVE-2019-5833","CVE-2019-5834","CVE-2019-5835","CVE-2019-5836","CVE-2019-5837","CVE-2019-5838","CVE-2019-5839","CVE-2019-5840","CVE-2019-5842"],"upstream":["CVE-2019-5787","CVE-2019-5788","CVE-2019-5789","CVE-2019-5790","CVE-2019-5791","CVE-2019-5792","CVE-2019-5793","CVE-2019-5794","CVE-2019-5795","CVE-2019-5796","CVE-2019-5797","CVE-2019-5798","CVE-2019-5799","CVE-2019-5800","CVE-2019-5801","CVE-2019-5802","CVE-2019-5803","CVE-2019-5804","CVE-2019-5805","CVE-2019-5806","CVE-2019-5807","CVE-2019-5808","CVE-2019-5809","CVE-2019-5810","CVE-2019-5811","CVE-2019-5812","CVE-2019-5813","CVE-2019-5814","CVE-2019-5815","CVE-2019-5816","CVE-2019-5817","CVE-2019-5818","CVE-2019-5819","CVE-2019-5820","CVE-2019-5821","CVE-2019-5822","CVE-2019-5823","CVE-2019-5824","CVE-2019-5827","CVE-2019-5828","CVE-2019-5829","CVE-2019-5830","CVE-2019-5831","CVE-2019-5832","CVE-2019-5833","CVE-2019-5834","CVE-2019-5835","CVE-2019-5836","CVE-2019-5837","CVE-2019-5838","CVE-2019-5839","CVE-2019-5840","CVE-2019-5842"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSY
XV"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129059"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133313"},{"type":"REPORT","url":"https://bugzilla.suse.com/1134218"},{"type":"REPORT","url":"https://bugzilla.suse.com/1137332"},{"type":"REPORT","url":"https://bugzilla.suse.com/1138287"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5787"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5788"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5789"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5790"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5804"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5808"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5809"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-201
9-5810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5811"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5813"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5814"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5820"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5821"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5822"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5827"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5828"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5829"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5830"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5831"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5832"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5840"},{"t
ype":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5842"}],"affected":[{"package":{"name":"chromium","ecosystem":"SUSE:Package Hub 12 SP3","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"75.0.3770.90-bp150.213.3"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"75.0.3770.90-bp150.213.3","chromium":"75.0.3770.90-bp150.213.3"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1666-1.json"}},{"package":{"name":"chromium","ecosystem":"SUSE:Package Hub 15","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"75.0.3770.90-bp150.213.3"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"75.0.3770.90-bp150.213.3","chromium":"75.0.3770.90-bp150.213.3"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1666-1.json"}},{"package":{"name":"chromium","ecosystem":"openSUSE:Leap 15.0","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"75.0.3770.90-bp150.213.3"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"75.0.3770.90-bp150.213.3","chromium":"75.0.3770.90-bp150.213.3"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1666-1.json"}},{"package":{"name":"chromium","ecosystem":"openSUSE:Leap 15.1","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"75.0.3770.90-bp150.213.3"}]}],"ecosystem_specific":{"binaries":[{"chromedriver":"75.0.3770.90-bp150.213.3","chromium":"75.0.3770.90-bp150.213.3"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1666-1.json"}}],"schema_version":"1.7.3"}