Lucene search

K
redhatRedHatRHSA-2018:2282
HistoryJul 30, 2018 - 1:26 p.m.

(RHSA-2018:2282) Important: chromium-browser security update

2018-07-3013:26:38
access.redhat.com
110

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.096 Low

EPSS

Percentile

94.6%

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 68.0.3440.75.

Security Fix(es):

  • chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153)

  • chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154)

  • chromium-browser: Use after free in WebRTC (CVE-2018-6155)

  • chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156)

  • chromium-browser: Type confusion in WebRTC (CVE-2018-6157)

  • chromium-browser: Cross origin information disclosure in Service Workers (CVE-2018-6150)

  • chromium-browser: Bad cast in DevTools (CVE-2018-6151)

  • chromium-browser: Local file write in DevTools (CVE-2018-6152)

  • chromium-browser: Use after free in Blink (CVE-2018-6158)

  • chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6159)

  • chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161)

  • chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6163)

  • chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6164)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6165)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6166)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6167)

  • chromium-browser: CORS bypass in Blink (CVE-2018-6168)

  • chromium-browser: Permissions bypass in extension installation (CVE-2018-6169)

  • chromium-browser: Type confusion in PDFium (CVE-2018-6170)

  • chromium-browser: Use after free in WebBluetooth (CVE-2018-6171)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6172)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6173)

  • chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174)

  • chromium-browser: URL spoof in Omnibox (CVE-2018-6175)

  • chromium-browser: Local user privilege escalation in Extensions (CVE-2018-6176)

  • chromium-browser: Cross origin information leak in Blink (CVE-2018-4117)

  • chromium-browser: Request privilege escalation in Extensions (CVE-2018-6044)

  • chromium-browser: Cross origin information leak in Blink (CVE-2018-6177)

  • chromium-browser: UI spoof in Extensions (CVE-2018-6178)

  • chromium-browser: Local file information leak in Extensions (CVE-2018-6179)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.096 Low

EPSS

Percentile

94.6%

Related for RHSA-2018:2282