8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.8%
Severity: Critical
Date : 2018-12-08
CVE-ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-824
The package chromium before version 71.0.3578.80-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure and insufficient validation.
Upgrade to 71.0.3578.80-1.
The problems have been fixed upstream in version 71.0.3578.80.
None.
An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.
A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.
A heap-based buffer overflow has been found in the Skia component of
chromium before 71.0.3578.80.
A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.
A use-after-free has been found in the Blink component of chromium
before 71.0.3578.80.
A heap-based buffer overflow has been found in the Canva component of
chromium before 71.0.3578.80.
A use-after-free has been found in the WebAudio component of chromium
before 71.0.3578.80.
A use-after-free has been found in the MediaRecorder component of
chromium before 71.0.3578.80.
A heap-based buffer overflow has been found in the Blink component of
chromium before 71.0.3578.80.
An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.
A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.
An inappropriate implementation issue has been found in the Extensions
component of chromium before 71.0.3578.80.
An inappropriate implementation issue has been found in the Site
Isolation component of chromium before 71.0.3578.80.
An incorrect security UI issue has been found in the Blink component of
chromium before 71.0.3578.80.
An inappropriate implementation issue has been found in the Navigation
component of chromium before 71.0.3578.80.
An inappropriate implementation issue has been found in the Omnibox
component of chromium before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the
Navigation component of chromium before 71.0.3578.80.
An inappropriate implementation issue has been found in the Media
component of chromium before 71.0.3578.80.
An inappropriate implementation issue has been found in the Network
Authentication component of chromium before 71.0.3578.80.
An insufficient data validation issue has been found in the Shell
Integration component of chromium before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.
A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.
An insufficient policy enforcement issue has been found in the Proxy
component of chromium before 71.0.3578.80.
An out-of-bounds read has been found in the V8 component of chromium
before 71.0.3578.80.
A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code on the affected host.
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=905940
https://bugs.chromium.org/p/chromium/issues/detail?id=901654
https://bugs.chromium.org/p/chromium/issues/detail?id=895362
https://bugs.chromium.org/p/chromium/issues/detail?id=898531
https://bugs.chromium.org/p/chromium/issues/detail?id=886753
https://bugs.chromium.org/p/chromium/issues/detail?id=890576
https://bugs.chromium.org/p/chromium/issues/detail?id=891187
https://bugs.chromium.org/p/chromium/issues/detail?id=896736
https://bugs.chromium.org/p/chromium/issues/detail?id=901030
https://bugs.chromium.org/p/chromium/issues/detail?id=906313
https://bugs.chromium.org/p/chromium/issues/detail?id=882423
https://bugs.chromium.org/p/chromium/issues/detail?id=866426
https://bugs.chromium.org/p/chromium/issues/detail?id=886976
https://bugs.chromium.org/p/chromium/issues/detail?id=606104
https://bugs.chromium.org/p/chromium/issues/detail?id=850824
https://bugs.chromium.org/p/chromium/issues/detail?id=881659
https://bugs.chromium.org/p/chromium/issues/detail?id=894399
https://bugs.chromium.org/p/chromium/issues/detail?id=799747
https://bugs.chromium.org/p/chromium/issues/detail?id=833847
https://bugs.chromium.org/p/chromium/issues/detail?id=849942
https://bugs.chromium.org/p/chromium/issues/detail?id=884179
https://bugs.chromium.org/p/chromium/issues/detail?id=889459
https://bugs.chromium.org/p/chromium/issues/detail?id=896717
https://bugs.chromium.org/p/chromium/issues/detail?id=883666
https://bugs.chromium.org/p/chromium/issues/detail?id=895207
https://bugs.chromium.org/p/chromium/issues/detail?id=899126
https://bugs.chromium.org/p/chromium/issues/detail?id=907714
https://security.archlinux.org/CVE-2018-17480
https://security.archlinux.org/CVE-2018-17481
https://security.archlinux.org/CVE-2018-18335
https://security.archlinux.org/CVE-2018-18336
https://security.archlinux.org/CVE-2018-18337
https://security.archlinux.org/CVE-2018-18338
https://security.archlinux.org/CVE-2018-18339
https://security.archlinux.org/CVE-2018-18340
https://security.archlinux.org/CVE-2018-18341
https://security.archlinux.org/CVE-2018-18342
https://security.archlinux.org/CVE-2018-18343
https://security.archlinux.org/CVE-2018-18344
https://security.archlinux.org/CVE-2018-18345
https://security.archlinux.org/CVE-2018-18346
https://security.archlinux.org/CVE-2018-18347
https://security.archlinux.org/CVE-2018-18348
https://security.archlinux.org/CVE-2018-18349
https://security.archlinux.org/CVE-2018-18350
https://security.archlinux.org/CVE-2018-18351
https://security.archlinux.org/CVE-2018-18352
https://security.archlinux.org/CVE-2018-18353
https://security.archlinux.org/CVE-2018-18354
https://security.archlinux.org/CVE-2018-18355
https://security.archlinux.org/CVE-2018-18356
https://security.archlinux.org/CVE-2018-18357
https://security.archlinux.org/CVE-2018-18358
https://security.archlinux.org/CVE-2018-18359
bugs.chromium.org/p/chromium/issues/detail?id=606104
bugs.chromium.org/p/chromium/issues/detail?id=799747
bugs.chromium.org/p/chromium/issues/detail?id=833847
bugs.chromium.org/p/chromium/issues/detail?id=849942
bugs.chromium.org/p/chromium/issues/detail?id=850824
bugs.chromium.org/p/chromium/issues/detail?id=866426
bugs.chromium.org/p/chromium/issues/detail?id=881659
bugs.chromium.org/p/chromium/issues/detail?id=882423
bugs.chromium.org/p/chromium/issues/detail?id=883666
bugs.chromium.org/p/chromium/issues/detail?id=884179
bugs.chromium.org/p/chromium/issues/detail?id=886753
bugs.chromium.org/p/chromium/issues/detail?id=886976
bugs.chromium.org/p/chromium/issues/detail?id=889459
bugs.chromium.org/p/chromium/issues/detail?id=890576
bugs.chromium.org/p/chromium/issues/detail?id=891187
bugs.chromium.org/p/chromium/issues/detail?id=894399
bugs.chromium.org/p/chromium/issues/detail?id=895207
bugs.chromium.org/p/chromium/issues/detail?id=895362
bugs.chromium.org/p/chromium/issues/detail?id=896717
bugs.chromium.org/p/chromium/issues/detail?id=896736
bugs.chromium.org/p/chromium/issues/detail?id=898531
bugs.chromium.org/p/chromium/issues/detail?id=899126
bugs.chromium.org/p/chromium/issues/detail?id=901030
bugs.chromium.org/p/chromium/issues/detail?id=901654
bugs.chromium.org/p/chromium/issues/detail?id=905940
bugs.chromium.org/p/chromium/issues/detail?id=906313
bugs.chromium.org/p/chromium/issues/detail?id=907714
chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
security.archlinux.org/AVG-824
security.archlinux.org/CVE-2018-17480
security.archlinux.org/CVE-2018-17481
security.archlinux.org/CVE-2018-18335
security.archlinux.org/CVE-2018-18336
security.archlinux.org/CVE-2018-18337
security.archlinux.org/CVE-2018-18338
security.archlinux.org/CVE-2018-18339
security.archlinux.org/CVE-2018-18340
security.archlinux.org/CVE-2018-18341
security.archlinux.org/CVE-2018-18342
security.archlinux.org/CVE-2018-18343
security.archlinux.org/CVE-2018-18344
security.archlinux.org/CVE-2018-18345
security.archlinux.org/CVE-2018-18346
security.archlinux.org/CVE-2018-18347
security.archlinux.org/CVE-2018-18348
security.archlinux.org/CVE-2018-18349
security.archlinux.org/CVE-2018-18350
security.archlinux.org/CVE-2018-18351
security.archlinux.org/CVE-2018-18352
security.archlinux.org/CVE-2018-18353
security.archlinux.org/CVE-2018-18354
security.archlinux.org/CVE-2018-18355
security.archlinux.org/CVE-2018-18356
security.archlinux.org/CVE-2018-18357
security.archlinux.org/CVE-2018-18358
security.archlinux.org/CVE-2018-18359
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.8%