Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0196 Google Chrome 75.0.3770.142 released 16 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-5847 CVE-2019-5848 Member content until: Thursday, August 15 2019 OVERVIEW Multiple security vulnerabilities have been addressed in Google Chrome version 75.0.3770.142 [1] IMPACT The vendor has provided the following information: "This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$TBD][972921] High CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex on 2019-06-11 [$TBD][951487] Medium CVE-2019-5848: Font sizes may expose sensitive information. Reported by Mark Amery on 2019-04-10" [1] MITIGATION It is recommended that users update to version 75.0.3770.142 as soon as possible. [1] REFERENCES [1] Chrome Stable Channel Update for Desktop https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXS1q62aOgq3Tt24GAQgQ+w/7Bek2aZstv4JlwmGma0GwS+caX8nJvcbV FmKjeRtwb8zywhCkIY2uRxiutHaLsac5CTYlpTl1tM1h2e5hclUYPulEYibNpopw wZqXJTZOB4Sb9SoFDKucmxzTSQDBEMgOSeeYtSmXj8D3R1kbSsFKJy65ZpqLNNkp 5RJzfzT/EyrWHXa6YqAjLzS2Zj52QoJFRPxQf3FkLkMNj4I2v930TH976vEz8fQ9 L1OrqBihKv41tm2VcYU3x9CeEJI5+gWWJcsxncLMTBQfzlnurqEdCToxSdca0UyV BDE29UesZ2bvbdu+o+AMSJzdBPV75KjhtQJmENf9YfxU6P3NClGlmW/6xVMvfvQj fhe7VfFBes/mJ57CiKdBsZQH3fgBWaUF5LfAqT3KePfm9NZyK5PKFSLpElWUs0A9 CVuNzGlUICwOuAHK6WRfF64eVSSvtLAoT8CprVsiXdSVzLH7FPVO6Zur0taH5Wl4 hJ/g4dzgorKesqvjKFoX/9/EytUdQSAZEHYBIwhtCkhMlhyOVeKbRrwp4KobowlD cA6x7FF7capYRHlCaj8BZJHj3BZD+CuqTGiWqcoLhmaCbuP/EmsSN/gyBYfn82Cd KVBzyST8BVJSkAy39HKMDy+D7AZBJUj6YVmWYFAXNMm5av08A7LG8uBYEEp/k/hp 9/mtM5ESx/0= =X0Ux -----END PGP SIGNATURE-----