6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.043 Low
EPSS
Percentile
92.4%
Severity: Critical
Date : 2019-06-07
CVE-ID : CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831
CVE-2019-5832 CVE-2019-5833 CVE-2019-5835 CVE-2019-5836
CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-972
The package chromium before version 75.0.3770.80-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, incorrect calculation and information
disclosure.
Upgrade to 75.0.3770.80-1.
The problems have been fixed upstream in version 75.0.3770.80.
None.
A use-after-free vulnerability has been found in the ServiceWorker
component of the chromium browser before 75.0.3770.80.
A use-after-free vulnerability has been found in the Download Manager
component of the chromium browser before 75.0.3770.80.
An incorrectly credentialed requests vulnerability has been found in
the CORS component of the chromium browser before 75.0.3770.80.
An incorrect map processing vulnerability has been found in the V8
component of the chromium browser before 75.0.3770.80.
An incorrect CORS handling vulnerability has been found in the XHR
component of the chromium browser before 75.0.3770.80.
An inconsistent security UI placement vulnerability has been found in
the chromium browser before 75.0.3770.80.
An out-of-bounds read vulnerability has been found in the Swiftshader
component of the chromium browser before 75.0.3770.80.
A heap-based buffer overflow vulnerability has been found in the Angle
component of the chromium browser before 75.0.3770.80.
A cross-origin resources size disclosure vulnerability has been found
in the Appcache component of the chromium browser before 75.0.3770.80.
An overly permissive tab access vulnerability has been found in the
Extensions component of the chromium browser before 75.0.3770.80.
An incorrect handling of certain code points vulnerability has been
found in the Blink component of the chromium browser before
75.0.3770.80.
A popup blocker bypass vulnerability has been found in the chromium
browser before 75.0.3770.80.
A remote attacker can access sensitive information, bypass security
measures, spoof content and execute arbitrary code on the affected
host.
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
https://crbug.com/956597
https://crbug.com/958533
https://crbug.com/665766
https://crbug.com/950328
https://crbug.com/959390
https://crbug.com/945067
https://crbug.com/939239
https://crbug.com/947342
https://crbug.com/918293
https://crbug.com/893087
https://crbug.com/925614
https://crbug.com/951782
https://security.archlinux.org/CVE-2019-5828
https://security.archlinux.org/CVE-2019-5829
https://security.archlinux.org/CVE-2019-5830
https://security.archlinux.org/CVE-2019-5831
https://security.archlinux.org/CVE-2019-5832
https://security.archlinux.org/CVE-2019-5833
https://security.archlinux.org/CVE-2019-5835
https://security.archlinux.org/CVE-2019-5836
https://security.archlinux.org/CVE-2019-5837
https://security.archlinux.org/CVE-2019-5838
https://security.archlinux.org/CVE-2019-5839
https://security.archlinux.org/CVE-2019-5840
chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
crbug.com/665766
crbug.com/893087
crbug.com/918293
crbug.com/925614
crbug.com/939239
crbug.com/945067
crbug.com/947342
crbug.com/950328
crbug.com/951782
crbug.com/956597
crbug.com/958533
crbug.com/959390
security.archlinux.org/AVG-972
security.archlinux.org/CVE-2019-5828
security.archlinux.org/CVE-2019-5829
security.archlinux.org/CVE-2019-5830
security.archlinux.org/CVE-2019-5831
security.archlinux.org/CVE-2019-5832
security.archlinux.org/CVE-2019-5833
security.archlinux.org/CVE-2019-5835
security.archlinux.org/CVE-2019-5836
security.archlinux.org/CVE-2019-5837
security.archlinux.org/CVE-2019-5838
security.archlinux.org/CVE-2019-5839
security.archlinux.org/CVE-2019-5840
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.043 Low
EPSS
Percentile
92.4%