CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.6%
Severity: Critical
Date : 2019-04-24
CVE-ID : CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808
CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813
CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819
CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-952
The package chromium before version 74.0.3729.108-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure and insufficient validation.
Upgrade to 74.0.3729.108-1.
The problems have been fixed upstream in version 74.0.3729.108.
None.
A use-after-free vulnerability has been found in the PDFium component
of the chromium browser before 74.0.3729.108.
An integer overflow vulnerability has been found in the Andle component
of the chromium browser before 74.0.3729.108.
A memory corruption vulnerability has been found in the V8 component of
the chromium browser before 74.0.3729.108.
A use-after-free vulnerability has been found in the Blink component of
the chromium browser before 74.0.3729.108.
A use-after-free vulnerability has been found in the Blink component of
the chromium browser before 74.0.3729.108.
A user information disclosure vulnerability has been found in the
Autofill component of the chromium browser before 74.0.3729.108.
A CORS bypass vulnerability has been found in the Blink component of
the chromium browser before 74.0.3729.108.
An out-of-bounds read vulnerability has been found in the V8 component
of the chromium browser before 74.0.3729.108.
A CORS bypass vulnerability has been found in the Blink component of
the chromium browser before 74.0.3729.108.
A heap-based buffer overflow vulnerability has been found in the Blink
component of the chromium browser before 74.0.3729.108.
An uninitialized value vulnerability has been found in the media reader
component of the chromium browser before 74.0.3729.108.
An incorrect escaping vulnerability has been found in the developer
tools component of the chromium browser before 74.0.3729.108.
An integer overflow vulnerability has been found in the PDFium
component of the chromium browser before 74.0.3729.108.
An integer overflow vulnerability has been found in the PDFium
component of the chromium browser before 74.0.3729.108.
A CORS bypass vulnerability has been found in the download manager
component of the chromium browser before 74.0.3729.108.
A forced navigation from service worker vulnerability has been found in
the chromium browser before 74.0.3729.108.
A remote attacker can access sensitive information, bypass security
measures and execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
https://crbug.com/913320
https://crbug.com/943087
https://crbug.com/945644
https://crbug.com/947029
https://crbug.com/941008
https://crbug.com/916838
https://crbug.com/771815
https://crbug.com/942699
https://crbug.com/930057
https://crbug.com/930663
https://crbug.com/929962
https://crbug.com/919356
https://crbug.com/919635
https://crbug.com/919640
https://crbug.com/926105
https://security.archlinux.org/CVE-2019-5805
https://security.archlinux.org/CVE-2019-5806
https://security.archlinux.org/CVE-2019-5807
https://security.archlinux.org/CVE-2019-5808
https://security.archlinux.org/CVE-2019-5809
https://security.archlinux.org/CVE-2019-5810
https://security.archlinux.org/CVE-2019-5811
https://security.archlinux.org/CVE-2019-5813
https://security.archlinux.org/CVE-2019-5814
https://security.archlinux.org/CVE-2019-5815
https://security.archlinux.org/CVE-2019-5818
https://security.archlinux.org/CVE-2019-5819
https://security.archlinux.org/CVE-2019-5820
https://security.archlinux.org/CVE-2019-5821
https://security.archlinux.org/CVE-2019-5822
https://security.archlinux.org/CVE-2019-5823
chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
crbug.com/771815
crbug.com/913320
crbug.com/916838
crbug.com/919356
crbug.com/919635
crbug.com/919640
crbug.com/926105
crbug.com/929962
crbug.com/930057
crbug.com/930663
crbug.com/941008
crbug.com/942699
crbug.com/943087
crbug.com/945644
crbug.com/947029
security.archlinux.org/AVG-952
security.archlinux.org/CVE-2019-5805
security.archlinux.org/CVE-2019-5806
security.archlinux.org/CVE-2019-5807
security.archlinux.org/CVE-2019-5808
security.archlinux.org/CVE-2019-5809
security.archlinux.org/CVE-2019-5810
security.archlinux.org/CVE-2019-5811
security.archlinux.org/CVE-2019-5813
security.archlinux.org/CVE-2019-5814
security.archlinux.org/CVE-2019-5815
security.archlinux.org/CVE-2019-5818
security.archlinux.org/CVE-2019-5819
security.archlinux.org/CVE-2019-5820
security.archlinux.org/CVE-2019-5821
security.archlinux.org/CVE-2019-5822
security.archlinux.org/CVE-2019-5823
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.6%