Linux Security
Linux Security
Linux Security

Debian: DSA-4237-1: chromium-browser security update

Date 30 Jun 2018
6817
Posted By Anthony Pell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4237-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                          Michael Gilbert
June 30, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122
                 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126
                 CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131
                 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135
                 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139
                 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143
                 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148
                 CVE-2018-6149

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-6118

    Ned Williamson discovered a use-after-free issue.

CVE-2018-6120

    Zhou Aiting discovered a buffer overflow issue in the pdfium library.

CVE-2018-6121

    It was discovered that malicious extensions could escalate privileges.

CVE-2018-6122

    A type confusion issue was discovered in the v8 javascript library.

CVE-2018-6123

    Looben Yang discovered a use-after-free issue.

CVE-2018-6124

    Guang Gong discovered a type confusion issue.

CVE-2018-6125

    Yubico discovered that the WebUSB implementation was too permissive.

CVE-2018-6126

    Ivan Fratric discovered a buffer overflow issue in the skia library.

CVE-2018-6127

    Looben Yang discovered a use-after-free issue.

CVE-2018-6129

    Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.

CVE-2018-6130

    Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.

CVE-2018-6131

    Natalie Silvanovich discovered an error in WebAssembly.

CVE-2018-6132

    Ronald E. Crane discovered an uninitialized memory issue.

CVE-2018-6133

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6134

    Jun Kokatsu discovered a way to bypass the Referrer Policy.

CVE-2018-6135

    Jasper Rebane discovered a user interface spoofing issue.

CVE-2018-6136

    Peter Wong discovered an out-of-bounds read issue in the v8 javascript
    library.

CVE-2018-6137

    Michael Smith discovered an information leak.

CVE-2018-6138

    François Lajeunesse-Robert discovered that the extensions policy was
    too permissive.

CVE-2018-6139

    Rob Wu discovered a way to bypass restrictions in the debugger extension.

CVE-2018-6140

    Rob Wu discovered a way to bypass restrictions in the debugger extension.

CVE-2018-6141

    Yangkang discovered a buffer overflow issue in the skia library.

CVE-2018-6142

    Choongwoo Han discovered an out-of-bounds read in the v8 javascript
    library.

CVE-2018-6143

    Guang Gong discovered an out-of-bounds read in the v8 javascript library.

CVE-2018-6144

    pdknsk discovered an out-of-bounds read in the pdfium library.

CVE-2018-6145

    Masato Kinugawa discovered an error in the MathML implementation.

CVE-2018-6147

    Michail Pishchagin discovered an error in password entry fields.

CVE-2018-6148

    Micha? Bentkowski discovered that the Content Security Policy header
    was handled incorrectly.

CVE-2018-6149

    Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the
    v8 javascript library.

For the stable distribution (stretch), these problems have been fixed in
version 67.0.3396.87-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAls4J2QACgkQuNayzQLW
9HP9zR/+OKevx5/QJndGvdxJ/gce4jMx9iqd8nrMEDNeHobwaMS9z44yCjgHo0NY
rOQcgxf3ATASJHfokrpKi6mkRO3bnyytu8VB2ekGdHN3WCab84RXR+9BddNrVQDm
mc1cCH35ZjJiLYz/h9xvowyeJb8hR6GgfL14BZPFcJkyHgyDjKPa4nCZKLCnIJqM
4CWwU0msAkqEMtzF0YgEtk6oaNT5h6GCd/lkFxa0Wkl6KRjTgS56FU84UT64mpQM
rq4Y0xtYlTsrOYXzcn1tnXCXfkBKke6Ck4SPepfSS8RO73+8a/LfHRGQKMOCOh1M
hT0jp/cMIwc78/Zk1+ohXiIre1HWatsS1UbMhNV7rwSl1V4etlC+KKQxEai3R8DN
NY0HikvtIVmpDWnk9wLzzjUKVQPtj/EHNNW1d7miArS1Y9wvLSA5UeuWFDUrU2nD
+zbrrJLz60cWpt4DVswavUhZz+xjxqvaC1SrYTXieOjKan6HV5ULYOnwApQ78NVh
bBbs62mwHavAhWmNUcuykUgr1ZG3aaqXiWE1QBMIEvU52n736qG1OXlOLnBJJjAQ
VMs7DEF9ZASHQkO+CMCA6L2yBVKLvFv+bd46na4LwIo9/eJ3GDUOz6xLkJEgL2Au
a3nELYeh4BjO89Sy7Mb4omwGzkO6HjZxmDVCXINdZSX4yqHe//LKWoeJ5l6om73w
BhnYhvQYYImvwjl9DA5NDllDaCiUbwsdDQFCOzEcs7j9USk/kzCTFgXZwvzAqeNJ
yN/3YlP2s2pcFkoHPG3spwPjKw9dQi1oKGcThF//q1hm6mlyVYP0/8AfRCBaz7Rk
ArdTB7XIULvocaJXCxUczvN9uZ8P7SOBIMJ0kdOgoPDnelaA08s8uBh5cmVYs8RP
dGa/x0IML3JPdfc2PYueLyBK9BlodiGRTkhZkMIi+JN6oAcVjc1V4Ne9FssMJ3/E
a2JYLprgNx99R9tF3y6gBBH0cpgXmOYZimDOgdkelLADkizt6HFWteXc2T4d22J8
x8YMiA+67vWft69jIgJhW+w8W7XsX4M2HBHSLOU4GdxbmFuUPu2kxjlFeXAv1tN1
1OjopqjfhhjwnCXG3D35T0Mm2QxKQbNuBfKlYiHb8eY75qDQTTmb71Sbn2SqhjKn
WwKARv21giNU2iwDcwQ1PexDL+VlLP1epO0zmbQ4PGQm0oXn5wT8Ero0KbAm0RVS
9ZR/AwrUBHKIBPgT4bzL5YriY9fowmnO+F5XDAnhVje0bjSJ7SwwcN3pcxG8UV//
laF8XvfVS8q9w1J6qRVBbNVdN9uxFCTM5YSV63Ku8L3N//YS+MXKwRv4ghsp2XXr
JEeslnBuzL2+T7tRsycS+kFaMbu5dg==
=hCS3
-----END PGP SIGNATURE-----

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"47","type":"x","order":"1","pct":79.66,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.86,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.47,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.