Vulnerabilities > CVE-2019-5835 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
google
opensuse
fedoraproject
CWE-125
nessus

Summary

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Vulnerable Configurations

Part Description Count
Application
Google
4545
OS
Opensuse
4
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1558.NASL
    descriptionThis update for chromium to version 75.0.3770.80 fixes the following issues: Security issues fixed : - CVE-2019-5828: Fixed a Use after free in ServiceWorker - CVE-2019-5829: Fixed Use after free in Download Manager - CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS - CVE-2019-5831: Fixed an incorrect map processing in V8 - CVE-2019-5832: Fixed an incorrect CORS handling in XHR - CVE-2019-5833: Fixed an inconsistent security UI placemen - CVE-2019-5835: Fixed an out of bounds read in Swiftshader - CVE-2019-5836: Fixed a heap buffer overflow in Angle - CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache - CVE-2019-5838: Fixed an overly permissive tab access in Extensions - CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink - CVE-2019-5840: Fixed a popup blocker bypass
    last seen2020-05-31
    modified2019-06-17
    plugin id125942
    published2019-06-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125942
    titleopenSUSE Security Update : chromium (openSUSE-2019-1558)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-18 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127967
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127967
    titleGLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A1AF621FAF.NASL
    descriptionFix itinerant crashes. ---- Update to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-07-25
    plugin id126995
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126995
    titleFedora 29 : chromium (2019-a1af621faf)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1477.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 75.0.3770.80. Security Fix(es) : * chromium-browser: Use after free in ServiceWorker (CVE-2019-5828) * chromium-browser: Use after free in Download Manager (CVE-2019-5829) * chromium-browser: Incorrectly credentialed requests in CORS (CVE-2019-5830) * chromium-browser: Incorrect map processing in V8 (CVE-2019-5831) * chromium-browser: Incorrect CORS handling in XHR (CVE-2019-5832) * chromium-browser: Inconsistent security UI placement (CVE-2019-5833) * chromium-browser: Out of bounds read in Swiftshader (CVE-2019-5835) * chromium-browser: Heap buffer overflow in Angle (CVE-2019-5836) * chromium-browser: Cross-origin resources size disclosure in Appcache (CVE-2019-5837) * chromium-browser: Overly permissive tab access in Extensions (CVE-2019-5838) * chromium-browser: Incorrect handling of certain code points in Blink (CVE-2019-5839) * chromium-browser: Popup blocker bypass (CVE-2019-5840) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-31
    modified2019-06-17
    plugin id125940
    published2019-06-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125940
    titleRHEL 6 : chromium-browser (RHSA-2019:1477)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1559.NASL
    descriptionThis update for chromium to version 75.0.3770.80 fixes the following issues: Security issues fixed : - CVE-2019-5828: Fixed a Use after free in ServiceWorker - CVE-2019-5829: Fixed Use after free in Download Manager - CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS - CVE-2019-5831: Fixed an incorrect map processing in V8 - CVE-2019-5832: Fixed an incorrect CORS handling in XHR - CVE-2019-5833: Fixed an inconsistent security UI placemen - CVE-2019-5835: Fixed an out of bounds read in Swiftshader - CVE-2019-5836: Fixed a heap buffer overflow in Angle - CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache - CVE-2019-5838: Fixed an overly permissive tab access in Extensions - CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink - CVE-2019-5840: Fixed a popup blocker bypass
    last seen2020-06-01
    modified2020-06-02
    plugin id125943
    published2019-06-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125943
    titleopenSUSE Security Update : chromium (openSUSE-2019-1559)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1557.NASL
    descriptionThis update for chromium to version 75.0.3770.80 fixes the following issues : Security issues fixed : 	 - CVE-2019-5828: Fixed a Use after free in ServiceWorker - CVE-2019-5829: Fixed Use after free in Download Manager - CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS - CVE-2019-5831: Fixed an incorrect map processing in V8 - CVE-2019-5832: Fixed an incorrect CORS handling in XHR - CVE-2019-5833: Fixed an inconsistent security UI placemen - CVE-2019-5835: Fixed an out of bounds read in Swiftshader - CVE-2019-5836: Fixed a heap buffer overflow in Angle - CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache - CVE-2019-5838: Fixed an overly permissive tab access in Extensions - CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink - CVE-2019-5840: Fixed a popup blocker bypass - CVE-2019-5834: Fixed a URL spoof in Omnibox on iOS
    last seen2020-05-31
    modified2019-06-17
    plugin id125941
    published2019-06-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125941
    titleopenSUSE Security Update : chromium (openSUSE-2019-1557)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_75_0_3770_80.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 75.0.3770.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_06_stable-channel-update- for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125729
    published2019-06-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125729
    titleGoogle Chrome < 75.0.3770.80 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1666.NASL
    descriptionThis update for chromium fixes the following issues : Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287) : - CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332 : - CVE-2019-5828: Use after free in ServiceWorker - CVE-2019-5829: Use after free in Download Manager - CVE-2019-5830: Incorrectly credentialed requests in CORS - CVE-2019-5831: Incorrect map processing in V8 - CVE-2019-5832: Incorrect CORS handling in XHR - CVE-2019-5833: Inconsistent security UI placemen - CVE-2019-5835: Out of bounds read in Swiftshader - CVE-2019-5836: Heap buffer overflow in Angle - CVE-2019-5837: Cross-origin resources size disclosure in Appcache - CVE-2019-5838: Overly permissive tab access in Extensions - CVE-2019-5839: Incorrect handling of certain code points in Blink - CVE-2019-5840: Popup blocker bypass - Various fixes from internal audits, fuzzing and other initiatives - CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169 : - Feature fixes update only Update to 74.0.3729.157 : - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218) : - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313 : - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker - CVE-2019-5812: URL spoof in Omnibox on iOS - CVE-2019-5816: Exploit persistence extension on Android - CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103 : - Various feature fixes Update to 73.0.3683.86 : - Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059 : - CVE-2019-5787: Use after free in Canvas. - CVE-2019-5788: Use after free in FileAPI. - CVE-2019-5789: Use after free in WebMIDI. - CVE-2019-5790: Heap buffer overflow in V8. - CVE-2019-5791: Type confusion in V8. - CVE-2019-5792: Integer overflow in PDFium. - CVE-2019-5793: Excessive permissions for private API in Extensions. - CVE-2019-5794: Security UI spoofing. - CVE-2019-5795: Integer overflow in PDFium. - CVE-2019-5796: Race condition in Extensions. - CVE-2019-5797: Race condition in DOMStorage. - CVE-2019-5798: Out of bounds read in Skia. - CVE-2019-5799: CSP bypass with blob URL. - CVE-2019-5800: CSP bypass with blob URL. - CVE-2019-5801: Incorrect Omnibox display on iOS. - CVE-2019-5802: Security UI spoofing. - CVE-2019-5803: CSP bypass with JavaScript URLs
    last seen2020-05-31
    modified2019-07-01
    plugin id126368
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126368
    titleopenSUSE Security Update : chromium (openSUSE-2019-1666)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_75_0_3770_80.NASL
    descriptionThe version of Google Chrome installed on the remote macOS host is prior to 75.0.3770.80. It is, therefore, affected by multiple vulnerabilities as referenced in the 2019_06_stable-channel-update- for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125728
    published2019-06-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125728
    titleGoogle Chrome < 75.0.3770.80 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-8FB8240D14.NASL
    descriptionUpdate to Chromium 75.0.3770.100. The usual pile of bugs and CVE fixes. vaapi support disabled, just too broken. :( Fixes CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2019-07-01
    plugin id126359
    published2019-07-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126359
    titleFedora 30 : chromium (2019-8fb8240d14)

Redhat

rpms
  • chromium-browser-0:75.0.3770.80-1.el6_10
  • chromium-browser-debuginfo-0:75.0.3770.80-1.el6_10