===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0133
                   Google Chrome 74.0.3729.131 released
                                1 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Confidential Data -- Remote with User Interaction
                      Reduced Security         -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-5826 CVE-2019-5825 CVE-2019-5824
Member content until: Friday, May 31 2019

OVERVIEW

        Multiple security vulnerabilities have been addressed in Google Chrome version 74.0.3729.131. [1]


IMPACT

        The vendor has provided the following information:
        
        "This update includes 2 security fixes. Below, we highlight
        fixes that were contributed by external researchers. Please see the Chrome  
        Security Page for more information.
        
        [$500][952406] High CVE to be assigned: Out-of-bounds access in SQLite.  
        Reported by mlfbrown on 2019-04-12
        [$TBD][948564] Medium CVE-2019-5824: Parameter passing error in media player. 
        Reported by leecraso on 2019-04-02
        
        We would also like to thank all security researchers that worked with us  
        during the development cycle to prevent security bugs from ever reaching  
        the stable channel.
        
        The following bugs were fixed in previous Chrome releases, but were
        mistakenly omitted from the release notes at the time:
        
        [$25,633.70][941624] Out-of-bounds write and use-after-free. 
        Reported by l.dmxcsnsbh on 2019-03-13:
         [941743] High CVE-2019-5825: Out-of-bounds write in V8
         [941746] High CVE-2019-5826: Use-after-free in IndexedDB" [1]


MITIGATION

        It is recommended that users update to version 74.0.3729.131 as soon as possible.


REFERENCES

        [1] Stable Channel Update for Desktop
            https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================