Clement Lecigne发现了Chromium文件读取器中的UAF漏洞,恶意文件可能导致远程代码执行。此更新修复了该问题及之前更新引入的回归,解决了浏览器在远程调试模式下启动时频繁崩溃的问题。
Package : chromium
CVE ID : CVE-2019-5786
Clement Lecigne在chromium的文件读取器实现中发现了一个use-after-free(释放后重用 即UAF)漏洞。可以利用这个漏洞编写恶意文件,导致远程任意代码执行。
此更新还修复了前一个更新中引入的回归。在远程调试模式下启动时,浏览器会经常崩溃。
这个问题在版本72.0.3626.122-1~deb9u1中得到了解决。
有关chromium的详细安全状态,请参考它的安全跟踪页面:https://secur-tracker.debian.org/tracker/chromium
--------------------
Package : chromium
CVE ID : CVE-2019-5786
Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
This update also fixes a regression introduced in a previous update.The browser would always crash when launched in remote debugging mode.
This problem has been fixed in version 72.0.3626.122-1~deb9u1.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
