From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------- Debian Security Advisory DSA-4256-1 [email protected] https://www.debian.org/security/ Michael Gilbert
July 26, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-4117

AhsanEjaz discovered an information leak.

CVE-2018-6044

Rob Wu discovered a way to escalate privileges using extensions.

CVE-2018-6150

Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6151

Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6152

Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6153

Zhen Zhou discovered a buffer overflow issue in the skia library.

CVE-2018-6154

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6155

Natalie Silvanovich discovered a use-after-free issue in the WebRTC
implementation.

CVE-2018-6156

Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
implementation.

CVE-2018-6157

Natalie Silvanovich discovered a type confusion issue in the WebRTC
implementation.

CVE-2018-6158

Zhe Jin discovered a use-after-free issue.

CVE-2018-6159

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6161

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6162

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6163

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6164

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6165

evil1m0 discovered a URL spoofing issue.

CVE-2018-6166

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6167

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6168

Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.

CVE-2018-6169

Sam P discovered a way to bypass permissions when installing
extensions.

CVE-2018-6170

A type confusion issue was discovered in the pdfium library.

CVE-2018-6171

A use-after-free issue was discovered in the WebBluetooth
implementation.

CVE-2018-6172

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6173

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6174

Mark Brand discovered an integer overflow issue in the swiftshader
library.

CVE-2018-6175

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6176

Jann Horn discovered a way to escalate privileges using extensions.

CVE-2018-6177

Ron Masas discovered an information leak.

CVE-2018-6178

Khalil Zhani discovered a user interface spoofing issue.


[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)