chromium (73.0.3683.75-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
- CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
- CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
- CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
- CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
- CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
- CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
- CVE-2019-5793: Excessive permissions for private API in Extensions.
Reported by Jun Kokatsu
- CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
- CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
- CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
- CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
- CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
- CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
- CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
- CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
- CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew
Comminos
-- Michael Gilbert <email address hidden> Tue, 26 Mar 2019 23:43:33 +0000
