Debian: DSA-4256-1: chromium-browser security update

    Date: 27 Jul 2018
    Category: Debian
    Posted By: Anthony Pell
    Several vulnerabilities have been discovered in the chromium web browser.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4256-1
    https://www.debian.org/security/                          Michael Gilbert
    July 26, 2018                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : chromium-browser
    CVE ID         : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
                     CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
                     CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
                     CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
                     CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
                     CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
                     CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
                     CVE-2018-6177 CVE-2018-6178 CVE-2018-6179
    
    Several vulnerabilities have been discovered in the chromium web browser.
    
    CVE-2018-4117
    
        AhsanEjaz discovered an information leak.
    
    CVE-2018-6044
    
        Rob Wu discovered a way to escalate privileges using extensions.
    
    CVE-2018-6150
    
        Rob Wu discovered an information disclosure issue (this problem was
        fixed in a previous release but was mistakenly omitted from upstream's
        announcement at the time).
    
    CVE-2018-6151
    
        Rob Wu discovered an issue in the developer tools (this problem was
        fixed in a previous release but was mistakenly omitted from upstream's
        announcement at the time).
    
    CVE-2018-6152
    
        Rob Wu discovered an issue in the developer tools (this problem was
        fixed in a previous release but was mistakenly omitted from upstream's
        announcement at the time).
    
    CVE-2018-6153
    
        Zhen Zhou discovered a buffer overflow issue in the skia library.
    
    CVE-2018-6154
    
        Omair discovered a buffer overflow issue in the WebGL implementation.
    
    CVE-2018-6155
    
        Natalie Silvanovich discovered a use-after-free issue in the WebRTC
        implementation.
    
    CVE-2018-6156
    
        Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
        implementation.
    
    CVE-2018-6157
    
        Natalie Silvanovich discovered a type confusion issue in the WebRTC
        implementation.
    
    CVE-2018-6158
    
        Zhe Jin discovered a use-after-free issue.
    
    CVE-2018-6159
    
        Jun Kokatsu discovered a way to bypass the same origin policy.
    
    CVE-2018-6161
    
        Jun Kokatsu discovered a way to bypass the same origin policy.
    
    CVE-2018-6162
    
        Omair discovered a buffer overflow issue in the WebGL implementation.
    
    CVE-2018-6163
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6164
    
        Jun Kokatsu discovered a way to bypass the same origin policy.
    
    CVE-2018-6165
    
        evil1m0 discovered a URL spoofing issue.
    
    CVE-2018-6166
    
        Lynas Zhang discovered a URL spoofing issue.
    
    CVE-2018-6167
    
        Lynas Zhang discovered a URL spoofing issue.
    
    CVE-2018-6168
    
        Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
        Origin Resource Sharing policy.
    
    CVE-2018-6169
    
        Sam P discovered a way to bypass permissions when installing
        extensions.
    
    CVE-2018-6170
    
        A type confusion issue was discovered in the pdfium library.
    
    CVE-2018-6171
    
        A use-after-free issue was discovered in the WebBluetooth
        implementation.
    
    CVE-2018-6172
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6173
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6174
    
        Mark Brand discovered an integer overflow issue in the swiftshader
        library.
    
    CVE-2018-6175
    
        Khalil Zhani discovered a URL spoofing issue.
    
    CVE-2018-6176
    
        Jann Horn discovered a way to escalate privileges using extensions.
    
    CVE-2018-6177
    
        Ron Masas discovered an information leak.
    
    CVE-2018-6178
    
        Khalil Zhani discovered a user interface spoofing issue.
    
    CVE-2018-6179
    
        It was discovered that information about files local to the system
        could be leaked to extensions.
    
    This version also fixes a regression introduced in the previous security
    update that could prevent decoding of particular audio/video codecs.
    
    For the stable distribution (stretch), these problems have been fixed in
    version 68.0.3440.75-1~deb9u1.
    
    We recommend that you upgrade your chromium-browser packages.
    
    For the detailed security status of chromium-browser please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/chromium-browser
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    