Debian: DSA-4182-1: chromium-browser security update

    Date: 28 Apr 2018
    Category: Debian
    Posted By: Anthony Pell
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4182-1
    https://www.debian.org/security/                          Michael Gilbert
    April 28, 2018                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061
                     CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065
                     CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069
                     CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073
                     CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077
                     CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081
                     CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086
                     CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090
                     CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094
                     CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098
                     CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102
                     CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106
                     CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110
                     CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114
                     CVE-2018-6116 CVE-2018-6117
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-6056
    
        lokihardt discovered an error in the v8 javascript library.
    
    CVE-2018-6057
    
        Gal Beniamini discovered errors related to shared memory permissions.
    
    CVE-2018-6060
    
        Omair discovered a use-after-free issue in blink/webkit.
    
    CVE-2018-6061
    
        Guang Gong discovered a race condition in the v8 javascript library.
    
    CVE-2018-6062
    
        A heap overflow issue was discovered in the v8 javascript library.
    
    CVE-2018-6063
    
        Gal Beniamini discovered errors related to shared memory permissions.
    
    CVE-2018-6064
    
        lokihardt discovered a type confusion error in the v8 javascript
        library.
    
    CVE-2018-6065
    
        Mark Brand discovered an integer overflow issue in the v8 javascript
        library.
    
    CVE-2018-6066
    
        Masato Kinugawa discovered a way to bypass the Same Origin Policy.
    
    CVE-2018-6067
    
        Ned Williamson discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6068
    
        Luan Herrera discovered object lifecycle issues.
    
    CVE-2018-6069
    
        Wanglu and Yangkang discovered a stack overflow issue in the skia
        library.
    
    CVE-2018-6070
    
        Rob Wu discovered a way to bypass the Content Security Policy.
    
    CVE-2018-6071
    
        A heap overflow issue was discovered in the skia library.
    
    CVE-2018-6072
    
        Atte Kettunen discovered an integer overflow issue in the pdfium
        library.
    
    CVE-2018-6073
    
        Omair discovered a heap overflow issue in the WebGL implementation.
    
    CVE-2018-6074
    
        Abdulrahman Alqabandi discovered a way to cause a downloaded web page
        to not contain a Mark of the Web.
    
    CVE-2018-6075
    
        Inti De Ceukelaire discovered a way to bypass the Same Origin Policy.
    
    CVE-2018-6076
    
        Mateusz Krzeszowiec discovered that URL fragment identifiers could be
        handled incorrectly.
    
    CVE-2018-6077
    
        Khalil Zhani discovered a timing issue.
    
    CVE-2018-6078
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6079
    
        Ivars discovered an information disclosure issue.
    
    CVE-2018-6080
    
        Gal Beniamini discovered an information disclosure issue.
    
    CVE-2018-6081
    
        Rob Wu discovered a cross-site scripting issue.
    
    CVE-2018-6082
    
        WenXu Wu discovered a way to bypass blocked ports.
    
    CVE-2018-6083
    
        Jun Kokatsu discovered that AppManifests could be handled incorrectly.
    
    CVE-2018-6085
    
        Ned Williamson discovered a use-after-free issue.
    
    CVE-2018-6086
    
        Ned Williamson discovered a use-after-free issue.
    
    CVE-2018-6087
    
        A use-after-free issue was discovered in the WebAssembly implementation.
    
    CVE-2018-6088
    
        A use-after-free issue was discovered in the pdfium library.
    
    CVE-2018-6089
    
        Rob Wu discovered a way to bypass the Same Origin Policy.
    
    CVE-2018-6090
    
        ZhanJia Song discovered a heap overflow issue in the skia library.
    
    CVE-2018-6091
    
        Jun Kokatsu discovered that plugins could be handled incorrectly.
    
    CVE-2018-6092
    
        Natalie Silvanovich discovered an integer overflow issue in the
        WebAssembly implementation.
    
    CVE-2018-6093
    
        Jun Kokatsu discovered a way to bypass the Same Origin Policy.
    
    CVE-2018-6094
    
        Chris Rohlf discovered a regression in garbage collection hardening.
    
    CVE-2018-6095
    
        Abdulrahman Alqabandi discovered files could be uploaded without user
        interaction.
    
    CVE-2018-6096
    
        WenXu Wu discovered a user interface spoofing issue.
    
    CVE-2018-6097
    
        xisigr discovered a user interface spoofing issue.
    
    CVE-2018-6098
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6099
    
        Jun Kokatsu discovered a way to bypass the Cross Origin Resource
        Sharing mechanism.
    
    CVE-2018-6100
    
        Lnyas Zhang discovered a URL spoofing issue.
    
    CVE-2018-6101
    
        Rob Wu discovered an issue in the developer tools remote debugging
        protocol.
    
    CVE-2018-6102
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6103
    
        Khalil Zhani discovered a user interface spoofing issue.
    
    CVE-2018-6104
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6105
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6106
    
        lokihardt discovered that v8 promises could be handled incorrectly.
    
    CVE-2018-6107
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6108
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6109
    
        Dominik Weber discovered a way to misuse the FileAPI feature.
    
    CVE-2018-6110
    
        Wenxiang Qian discovered that local plain text files could be handled
        incorrectly.
    
    CVE-2018-6111
    
        Khalil Zhani discovered a use-after-free issue in the developer tools.
    
    CVE-2018-6112
    
        Khalil Zhani discovered incorrect handling of URLs in the developer
        tools.
    
    CVE-2018-6113
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6114
    
        Lnyas Zhang discovered a way to bypass the Content Security Policy.
    
    CVE-2018-6116
    
        Chengdu Security Response Center discovered an error when memory
        is low.
    
    CVE-2018-6117
    
        Spencer Dailey discovered an error in form autofill settings.
    
    For the oldstable distribution (jessie), security support for chromium
    has been discontinued.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 66.0.3359.117-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    