===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0133
                   Google Chrome 74.0.3729.131 released
                                1 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Confidential Data -- Remote with User Interaction
                      Reduced Security         -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-5826 CVE-2019-5825 CVE-2019-5824
Member content until: Friday, May 31 2019

OVERVIEW

        Multiple security vulnerabilities have been addressed in Google
        Chrome version 74.0.3729.131 [1]

IMPACT

        The vendor has provided the following information:

        "This update includes 2 security fixes. Below, we highlight fixes
        that were contributed by external researchers. Please see the
        Chrome Security Page for more information.

        [$500][952406] High CVE to be assigned: Out-of-bounds access in
        SQLite. Reported by mlfbrown on 2019-04-12

        [$TBD][948564] Medium CVE-2019-5824: Parameter passing error in
        media player. Reported by leecraso on 2019-04-02

        We would also like to thank all security researchers that worked
        with us during the development cycle to prevent security bugs from
        ever reaching the stable channel.

        The following bugs were fixed in previous Chrome releases, but were
        mistakenly omitted from the release notes at the time:

        [$25,633.70][941624] Out-of-bounds write and use-after-free.
        Reported by l.dmxcsnsbh on 2019-03-13:

            [941743] High CVE-2019-5825: Out-of-bounds write in V8
            [941746] High CVE-2019-5826: Use-after-free in IndexedDB" [1]

MITIGATION

        It is recommended that users update to version 74.0.3729.131 as
        soon as possible.

REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================