• [SECURITY] [DSA 4562-1] chromium security update (2/2)

    From Moritz Muehlenhoff@1:229/2 to All on Sun Nov 10 20:20:01 2019
    [continued from previous message]

    Luan Herrera discovered a way to bypass extension permissions.

    CVE-2019-13706

    pdknsk discovered an out-of-bounds read issue in the pdfium library.

    CVE-2019-13707

    Andrea Palazzo discovered an information leak.

    CVE-2019-13708

    Khalil Zhani discovered an authentication spoofing issue.

    CVE-2019-13709

    Zhong Zhaochen discovered a way to bypass download restrictions.

    CVE-2019-13710

    bernardo.mrod discovered a way to bypass download restrictions.

    CVE-2019-13711

    David Erceg discovered an information leak.

    CVE-2019-13713

    David Erceg discovered an information leak.

    CVE-2019-13714

    Jun Kokatsu discovered an issue with Cascading Style Sheets.

    CVE-2019-13715

    xisigr discovered a URL spoofing issue.

    CVE-2019-13716

    Barron Hagerman discovered an error in the service worker implementation.

    CVE-2019-13717

    xisigr discovered a user interface spoofing issue.

    CVE-2019-13718

    Khalil Zhani discovered a way to spoof Internationalized Domain Names.

    CVE-2019-13719

    Khalil Zhani discovered a user interface spoofing issue.

    CVE-2019-13720

    Anton Ivanov and Alexey Kulaev discovered a use-after-free issue.

    CVE-2019-13721

    banananapenguin discovered a use-after-free issue in the pdfium library.

    For the oldstable distribution (stretch), support for chromium has been discontinued. Please upgrade to the stable release (buster) to continue receiving chromium updates or switch to firefox, which continues to be supported in the oldstable release.

    For the stable distribution (buster), these problems have been fixed in
    version 78.0.3904.97-1~deb10u1.

    We recommend that you upgrade your chromium packages.

    For the detailed security status of chromium please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]