Security update for chromium (important)

2018-04-21T00:08:20
ID OPENSUSE-SU-2018:1042-1
Type suse
Reporter Suse
Modified 2018-04-21T00:08:20

Description

This update for Chromium to version 66.0.3359.117 fixes the following issues:

Security issues fixed (boo#1090000):

  • CVE-2018-6085: Use after free in Disk Cache
  • CVE-2018-6086: Use after free in Disk Cache
  • CVE-2018-6087: Use after free in WebAssembly
  • CVE-2018-6088: Use after free in PDFium
  • CVE-2018-6089: Same origin policy bypass in Service Worker
  • CVE-2018-6090: Heap buffer overflow in Skia
  • CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
  • CVE-2018-6092: Integer overflow in WebAssembly
  • CVE-2018-6093: Same origin bypass in Service Worker
  • CVE-2018-6094: Exploit hardening regression in Oilpan
  • CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
  • CVE-2018-6096: Fullscreen UI spoof
  • CVE-2018-6097: Fullscreen UI spoof
  • CVE-2018-6098: URL spoof in Omnibox
  • CVE-2018-6099: CORS bypass in ServiceWorker
  • CVE-2018-6100: URL spoof in Omnibox
  • CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
  • CVE-2018-6102: URL spoof in Omnibox
  • CVE-2018-6103: UI spoof in Permissions
  • CVE-2018-6104: URL spoof in Omnibox
  • CVE-2018-6105: URL spoof in Omnibox
  • CVE-2018-6106: Incorrect handling of promises in V8
  • CVE-2018-6107: URL spoof in Omnibox
  • CVE-2018-6108: URL spoof in Omnibox
  • CVE-2018-6109: Incorrect handling of files by FileAPI
  • CVE-2018-6110: Incorrect handling of plaintext files via file://
  • CVE-2018-6111: Heap-use-after-free in DevTools
  • CVE-2018-6112: Incorrect URL handling in DevTools
  • CVE-2018-6113: URL spoof in Navigation
  • CVE-2018-6114: CSP bypass
  • CVE-2018-6115: SmartScreen bypass in downloads
  • CVE-2018-6116: Incorrect low memory handling in WebAssembly
  • CVE-2018-6117: Confusing autofill settings
  • Various fixes from internal audits, fuzzing and other initiatives

This update also supports mitigation against the Spectre vulnerabilities: "Strict site isolation" is disabled for most users and can be turned on via: chrome://flags/#enable-site-per-process This feature is undergoing a small percentage trial. Out out of the trial is possible via: chrome://flags/#site-isolation-trial-opt-out

The following other changes are included:

  • distrust certificates issued by Symantec before 2016-06-01
  • add option to export saved passwords
  • Reduce videos that auto-play with sound
  • boo#1086199: Fix UI freezing when loading/scaling down large images

This update also contains a number of upstream bug fixes and improvements.