Linux Security
Linux Security
Linux Security

Debian: DSA-4256-1: chromium-browser security update

Date 27 Jul 2018
2007
Posted By Anthony Pell
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                          Michael Gilbert
July 26, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
                 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
                 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
                 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
                 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
                 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
                 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
                 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-4117

    AhsanEjaz discovered an information leak.

CVE-2018-6044

    Rob Wu discovered a way to escalate privileges using extensions.

CVE-2018-6150

    Rob Wu discovered an information disclosure issue (this problem was
    fixed in a previous release but was mistakenly omitted from upstream's
    announcement at the time).

CVE-2018-6151

    Rob Wu discovered an issue in the developer tools (this problem  was
    fixed in a previous release but was mistakenly omitted from upstream's
    announcement at the time).

CVE-2018-6152

    Rob Wu discovered an issue in the developer tools (this problem  was
    fixed in a previous release but was mistakenly omitted from upstream's
    announcement at the time).

CVE-2018-6153

    Zhen Zhou discovered a buffer overflow issue in the skia library.

CVE-2018-6154

    Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6155

    Natalie Silvanovich discovered a use-after-free issue in the WebRTC
    implementation.

CVE-2018-6156

    Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
    implementation.

CVE-2018-6157

    Natalie Silvanovich discovered a type confusion issue in the WebRTC
    implementation.

CVE-2018-6158

    Zhe Jin discovered a use-after-free issue.

CVE-2018-6159

    Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6161

    Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6162

    Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6163

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6164

    Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6165

    evil1m0 discovered a URL spoofing issue.

CVE-2018-6166

    Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6167

    Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6168

    Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
    Origin Resource Sharing policy.

CVE-2018-6169

    Sam P discovered a way to bypass permissions when installing
    extensions.

CVE-2018-6170

    A type confusion issue was discovered in the pdfium library.

CVE-2018-6171

    A use-after-free issue was discovered in the WebBluetooth
    implementation.

CVE-2018-6172

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6173

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6174

    Mark Brand discovered an integer overflow issue in the swiftshader
    library.

CVE-2018-6175

    Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6176

    Jann Horn discovered a way to escalate privileges using extensions.

CVE-2018-6177

    Ron Masas discovered an information leak.

CVE-2018-6178

    Khalil Zhani discovered a user interface spoofing issue.

CVE-2018-6179

    It was discovered that information about files local to the system
    could be leaked to extensions.

This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.

For the stable distribution (stretch), these problems have been fixed in
version 68.0.3440.75-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.