New subject: [Bug 1129059] VUL-0: chromium: 73.0.3683.75 update

13 Mar 2019

      http://bugzilla.suse.com/show_bug.cgi?id=1129059

            Bug ID: 1129059
           Summary: VUL-0: chromium: 73.0.3683.75 update
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.0
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: tchvatal@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desk...

[$TBD][913964] High CVE-2019-5787: Use after free in Canvas. Reported by Zhe
Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360
Technology Co. Ltd on 2018-12-11
[$N/A][925864] High CVE-2019-5788: Use after free in FileAPI. Reported by Mark
Brand of Google Project Zero on 2019-01-28
[$N/A][921581] High CVE-2019-5789: Use after free in WebMIDI. Reported by Mark
Brand of Google Project Zero on 2019-01-14
[$7500][914736] High CVE-2019-5790: Heap buffer overflow in V8. Reported by
Dimitri Fourny (Blue Frost Security) on 2018-12-13
[$1000][926651] High CVE-2019-5791: Type confusion in V8. Reported by Choongwoo
Han of Naver Corporation on 2019-01-30
[$500][914983] High CVE-2019-5792: Integer overflow in PDFium. Reported by
pdknsk on 2018-12-13
[$TBD][937487] Medium CVE-2019-5793: Excessive permissions for private API in
Extensions. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research
on 2019-03-01
[$TBD][935175] Medium CVE-2019-5794: Security UI spoofing. Reported by Juno Im
of Theori on 2019-02-24
[$N/A][919643] Medium CVE-2019-5795: Integer overflow in PDFium. Reported by
pdknsk on 2019-01-07
[$N/A][918861] Medium CVE-2019-5796: Race condition in Extensions. Reported by
Mark Brand of Google Project Zero on 2019-01-03
[$N/A][916523] Medium CVE-2019-5797: Race condition in DOMStorage. Reported by
Mark Brand of Google Project Zero on 2018-12-19
[$N/A][883596] Medium CVE-2019-5798: Out of bounds read in Skia. Reported by
Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
[$1000][905301] Medium CVE-2019-5799: CSP bypass with blob URL. Reported by
sohalt on 2018-11-14
[$1000][894228] Medium CVE-2019-5800: CSP bypass with blob URL. Reported by Jun
Kokatsu (@shhnjk) on 2018-10-10
[$500][921390] Medium CVE-2019-5801: Incorrect Omnibox display on iOS. Reported
by Khalil Zhani on 2019-01-13
[$500][632514] Medium CVE-2019-5802: Security UI spoofing. Reported by Ronni
Skansing on 2016-07-28
[$1000][909865] Low CVE-2019-5803: CSP bypass with Javascript URLs'. Reported
by Andrew Comminos of Facebook on 2018-11-28
[$500][933004] Low CVE-2019-5804: Command line command injection on Windows.
Reported by Joshua Graham of TSS on 2019-02-17

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1129059] New: VUL-0: chromium: 73.0.3683.75 update

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)