• [SECURITY] [DSA 4182-1] chromium-browser security update (2/2)

    From Michael Gilbert@1:229/2 to All on Sat Apr 28 07:40:01 2018
    [continued from previous message]

    A use-after-free issue was discovered in the pdfium library.

    CVE-2018-6089

    Rob Wu discovered a way to bypass the Same Origin Policy.

    CVE-2018-6090

    ZhanJia Song discovered a heap overflow issue in the skia library.

    CVE-2018-6091

    Jun Kokatsu discovered that plugins could be handled incorrectly.

    CVE-2018-6092

    Natalie Silvanovich discovered an integer overflow issue in the
    WebAssembly implementation.

    CVE-2018-6093

    Jun Kokatsu discovered a way to bypass the Same Origin Policy.

    CVE-2018-6094

    Chris Rohlf discovered a regression in garbage collection hardening.

    CVE-2018-6095

    Abdulrahman Alqabandi discovered files could be uploaded without user
    interaction.

    CVE-2018-6096

    WenXu Wu discovered a user interface spoofing issue.

    CVE-2018-6097

    xisigr discovered a user interface spoofing issue.

    CVE-2018-6098

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6099

    Jun Kokatsu discovered a way to bypass the Cross Origin Resource
    Sharing mechanism.

    CVE-2018-6100

    Lnyas Zhang discovered a URL spoofing issue.

    CVE-2018-6101

    Rob Wu discovered an issue in the developer tools remote debugging
    protocol.

    CVE-2018-6102

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6103

    Khalil Zhani discovered a user interface spoofing issue.

    CVE-2018-6104

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6105

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6106

    lokihardt discovered that v8 promises could be handled incorrectly.

    CVE-2018-6107

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6108

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6109

    Dominik Weber discovered a way to misuse the FileAPI feature.

    CVE-2018-6110

    Wenxiang Qian discovered that local plain text files could be handled
    incorrectly.

    CVE-2018-6111

    Khalil Zhani discovered a use-after-free issue in the developer tools.

    CVE-2018-6112

    Khalil Zhani discovered incorrect handling of URLs in the developer
    tools.

    CVE-2018-6113

    Khalil Zhani discovered a URL spoofing issue.

    CVE-2018-6114

    Lnyas Zhang discovered a way to bypass the Content Security Policy.

    CVE-2018-6116

    Chengdu Security Response Center discovered an error when memory
    is low.

    CVE-2018-6117

    Spencer Dailey discovered an error in form autofill settings.

    For the oldstable distribution (jessie), security support for chromium
    has been discontinued.

    For the stable distribution (stretch), these problems have been fixed in version 66.0.3359.117-1~deb9u1.

    We recommend that you upgrade your chromium-browser packages.

    For the detailed security status of chromium-browser please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
