Hello,
Does anyone know if the chromium package from the PureOS repo is affected by CVE-2019-5786?
Recently, a zero-day was reported in Chrome which was patched in version 72.0.3626.121. [1]
I believe this also affected Chromium because someone tracked down the commit [2] which addresses the vulnerability in another forum’s thread. At the moment I can’t find the source that mentioned this is the relevant commit, sorry.
The current version of chromium from the PureOS repo is 72.0.3626.109. When I checked to make sure I was somehow not seeing the latest version via Debian’s package tracker for chromium, the versions matched, but on April 1st, it changed to 73.0.3683.75-1. [3]
At one point the versions available in unstable and stable were fine, but testing still had the affected version.
Several websites were reporting this as a severe security vulnerability and I would just like to know if I am affected and if it’s only a matter of time before an unaffected version is released for PureOS users.
I asked in a #debian-security IRC channel but only got a response with the Debian tracker link.
Thanks
[1] https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
[2] https://github.com/chromium/chromium/commit/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449
[3] https://tracker.debian.org/pkg/chromium