Lucene search

K
debianDebianDEBIAN:DSA-4256-1:0B30A
HistoryJul 27, 2018 - 5:15 a.m.

[SECURITY] [DSA 4256-1] chromium-browser security update

2018-07-2705:15:51
lists.debian.org
27

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.7%


Debian Security Advisory DSA-4256-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
July 26, 2018 https://www.debian.org/security/faq


Package : chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-4117

AhsanEjaz discovered an information leak.

CVE-2018-6044

Rob Wu discovered a way to escalate privileges using extensions.

CVE-2018-6150

Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6151

Rob Wu discovered an issue in the developer tools (this problem  was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6152

Rob Wu discovered an issue in the developer tools (this problem  was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6153

Zhen Zhou discovered a buffer overflow issue in the skia library.

CVE-2018-6154

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6155

Natalie Silvanovich discovered a use-after-free issue in the WebRTC
implementation.

CVE-2018-6156

Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
implementation.

CVE-2018-6157

Natalie Silvanovich discovered a type confusion issue in the WebRTC
implementation.

CVE-2018-6158

Zhe Jin discovered a use-after-free issue.

CVE-2018-6159

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6161

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6162

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6163

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6164

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6165

evil1m0 discovered a URL spoofing issue.

CVE-2018-6166

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6167

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6168

Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.

CVE-2018-6169

Sam P discovered a way to bypass permissions when installing
extensions.

CVE-2018-6170

A type confusion issue was discovered in the pdfium library.

CVE-2018-6171

A use-after-free issue was discovered in the WebBluetooth
implementation.

CVE-2018-6172

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6173

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6174

Mark Brand discovered an integer overflow issue in the swiftshader
library.

CVE-2018-6175

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6176

Jann Horn discovered a way to escalate privileges using extensions.

CVE-2018-6177

Ron Masas discovered an information leak.

CVE-2018-6178

Khalil Zhani discovered a user interface spoofing issue.

CVE-2018-6179

It was discovered that information about files local to the system
could be leaked to extensions.

This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.

For the stable distribution (stretch), these problems have been fixed in
version 68.0.3440.75-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.7%

Related for DEBIAN:DSA-4256-1:0B30A