[SECURITY] [DSA 4237-1] chromium-browser security update

---

Debian Security Advisory DSA-4237-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
June 30, 2018 https://www.debian.org/security/faq

---

Package : chromium-browser
CVE ID : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122
CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126
CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131
CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135
CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139
CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143
CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148
CVE-2018-6149

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-6118

Ned Williamson discovered a use-after-free issue.

CVE-2018-6120

Zhou Aiting discovered a buffer overflow issue in the pdfium library.

CVE-2018-6121

It was discovered that malicious extensions could escalate privileges.

CVE-2018-6122

A type confusion issue was discovered in the v8 javascript library.

CVE-2018-6123

Looben Yang discovered a use-after-free issue.

CVE-2018-6124

Guang Gong discovered a type confusion issue.

CVE-2018-6125

Yubico discovered that the WebUSB implementation was too permissive.

CVE-2018-6126

Ivan Fratric discovered a buffer overflow issue in the skia library.

CVE-2018-6127

Looben Yang discovered a use-after-free issue.

CVE-2018-6129

Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.

CVE-2018-6130

Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.

CVE-2018-6131

Natalie Silvanovich discovered an error in WebAssembly.

CVE-2018-6132

Ronald E. Crane discovered an uninitialized memory issue.

CVE-2018-6133

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6134

Jun Kokatsu discovered a way to bypass the Referrer Policy.

CVE-2018-6135

Jasper Rebane discovered a user interface spoofing issue.

CVE-2018-6136

Peter Wong discovered an out-of-bounds read issue in the v8 javascript
library.

CVE-2018-6137

Michael Smith discovered an information leak.

CVE-2018-6138

François Lajeunesse-Robert discovered that the extensions policy was
too permissive.

CVE-2018-6139

Rob Wu discovered a way to bypass restrictions in the debugger extension.

CVE-2018-6140

Rob Wu discovered a way to bypass restrictions in the debugger extension.

CVE-2018-6141

Yangkang discovered a buffer overflow issue in the skia library.

CVE-2018-6142

Choongwoo Han discovered an out-of-bounds read in the v8 javascript
library.

CVE-2018-6143

Guang Gong discovered an out-of-bounds read in the v8 javascript library.

CVE-2018-6144

pdknsk discovered an out-of-bounds read in the pdfium library.

CVE-2018-6145

Masato Kinugawa discovered an error in the MathML implementation.

CVE-2018-6147

Michail Pishchagin discovered an error in password entry fields.

CVE-2018-6148

Michał Bentkowski discovered that the Content Security Policy header
was handled incorrectly.

CVE-2018-6149

Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the
v8 javascript library.

For the stable distribution (stretch), these problems have been fixed in
version 67.0.3396.87-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]