Debian Security Advisory
DSA-4237-1 chromium-browser -- security update
- Date Reported:
- 30 Jun 2018
- Affected Packages:
- chromium-browser
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-6118, CVE-2018-6120, CVE-2018-6121, CVE-2018-6122, CVE-2018-6123, CVE-2018-6124, CVE-2018-6125, CVE-2018-6126, CVE-2018-6127, CVE-2018-6129, CVE-2018-6130, CVE-2018-6131, CVE-2018-6132, CVE-2018-6133, CVE-2018-6134, CVE-2018-6135, CVE-2018-6136, CVE-2018-6137, CVE-2018-6138, CVE-2018-6139, CVE-2018-6140, CVE-2018-6141, CVE-2018-6142, CVE-2018-6143, CVE-2018-6144, CVE-2018-6145, CVE-2018-6147, CVE-2018-6148, CVE-2018-6149.
- More information:
-
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2018-6118
Ned Williamson discovered a use-after-free issue.
- CVE-2018-6120
Zhou Aiting discovered a buffer overflow issue in the pdfium library.
- CVE-2018-6121
It was discovered that malicious extensions could escalate privileges.
- CVE-2018-6122
A type confusion issue was discovered in the v8 javascript library.
- CVE-2018-6123
Looben Yang discovered a use-after-free issue.
- CVE-2018-6124
Guang Gong discovered a type confusion issue.
- CVE-2018-6125
Yubico discovered that the WebUSB implementation was too permissive.
- CVE-2018-6126
Ivan Fratric discovered a buffer overflow issue in the skia library.
- CVE-2018-6127
Looben Yang discovered a use-after-free issue.
- CVE-2018-6129
Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
- CVE-2018-6130
Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
- CVE-2018-6131
Natalie Silvanovich discovered an error in WebAssembly.
- CVE-2018-6132
Ronald E. Crane discovered an uninitialized memory issue.
- CVE-2018-6133
Khalil Zhani discovered a URL spoofing issue.
- CVE-2018-6134
Jun Kokatsu discovered a way to bypass the Referrer Policy.
- CVE-2018-6135
Jasper Rebane discovered a user interface spoofing issue.
- CVE-2018-6136
Peter Wong discovered an out-of-bounds read issue in the v8 javascript library.
- CVE-2018-6137
Michael Smith discovered an information leak.
- CVE-2018-6138
François Lajeunesse-Robert discovered that the extensions policy was too permissive.
- CVE-2018-6139
Rob Wu discovered a way to bypass restrictions in the debugger extension.
- CVE-2018-6140
Rob Wu discovered a way to bypass restrictions in the debugger extension.
- CVE-2018-6141
Yangkang discovered a buffer overflow issue in the skia library.
- CVE-2018-6142
Choongwoo Han discovered an out-of-bounds read in the v8 javascript library.
- CVE-2018-6143
Guang Gong discovered an out-of-bounds read in the v8 javascript library.
- CVE-2018-6144
pdknsk discovered an out-of-bounds read in the pdfium library.
- CVE-2018-6145
Masato Kinugawa discovered an error in the MathML implementation.
- CVE-2018-6147
Michail Pishchagin discovered an error in password entry fields.
- CVE-2018-6148
Michał Bentkowski discovered that the Content Security Policy header was handled incorrectly.
- CVE-2018-6149
Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the v8 javascript library.
For the stable distribution (stretch), these problems have been fixed in version 67.0.3396.87-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser
- CVE-2018-6118