Debian Security Advisory(Debian安全报告) DSA-4404-1 chromium

时间:2023-02-10 12:20:08

Package : chromium

CVE ID : CVE-2019-5786

Clement Lecigne在chromium的文件读取器实现中发现了一个use-after-free(释放后重用 即UAF)漏洞。可以利用这个漏洞编写恶意文件,导致远程任意代码执行。

此更新还修复了前一个更新中引入的回归。在远程调试模式下启动时,浏览器会经常崩溃。

这个问题在版本72.0.3626.122-1~deb9u1中得到了解决。

有关chromium的详细安全状态,请参考它的安全跟踪页面:https://secur-tracker.debian.org/tracker/chromium

--------------------

Package : chromium

CVE ID : CVE-2019-5786

Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
This update also fixes a regression introduced in a previous update.The browser would always crash when launched in remote debugging mode.

This problem has been fixed in version 72.0.3626.122-1~deb9u1.

For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium