[SECURITY] [DSA 4256-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
July 26, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
CVE-2018-6177 CVE-2018-6178 CVE-2018-6179
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2018-4117
AhsanEjaz discovered an information leak.
CVE-2018-6044
Rob Wu discovered a way to escalate privileges using extensions.
CVE-2018-6150
Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6151
Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6152
Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).
CVE-2018-6153
Zhen Zhou discovered a buffer overflow issue in the skia library.
CVE-2018-6154
Omair discovered a buffer overflow issue in the WebGL implementation.
CVE-2018-6155
Natalie Silvanovich discovered a use-after-free issue in the WebRTC
implementation.
CVE-2018-6156
Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
implementation.
CVE-2018-6157
Natalie Silvanovich discovered a type confusion issue in the WebRTC
implementation.
CVE-2018-6158
Zhe Jin discovered a use-after-free issue.
CVE-2018-6159
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6161
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6162
Omair discovered a buffer overflow issue in the WebGL implementation.
CVE-2018-6163
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6164
Jun Kokatsu discovered a way to bypass the same origin policy.
CVE-2018-6165
evil1m0 discovered a URL spoofing issue.
CVE-2018-6166
Lynas Zhang discovered a URL spoofing issue.
CVE-2018-6167
Lynas Zhang discovered a URL spoofing issue.
CVE-2018-6168
Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.
CVE-2018-6169
Sam P discovered a way to bypass permissions when installing
extensions.
CVE-2018-6170
A type confusion issue was discovered in the pdfium library.
CVE-2018-6171
A use-after-free issue was discovered in the WebBluetooth
implementation.
CVE-2018-6172
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6173
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6174
Mark Brand discovered an integer overflow issue in the swiftshader
library.
CVE-2018-6175
Khalil Zhani discovered a URL spoofing issue.
CVE-2018-6176
Jann Horn discovered a way to escalate privileges using extensions.
CVE-2018-6177
Ron Masas discovered an information leak.
CVE-2018-6178
Khalil Zhani discovered a user interface spoofing issue.
CVE-2018-6179
It was discovered that information about files local to the system
could be leaked to extensions.
This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.
For the stable distribution (stretch), these problems have been fixed in
version 68.0.3440.75-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaqvAACgkQuNayzQLW
9HN1Tx//TF/lR0JT7+g9ZV4C8b9QUjd8RziW1x3Dr1c6FdO01qRzRTmuolgGkd16
irPIel0bnvM7Q707UaX3YlfP9teWThneAXl69wPxg4l/cD6KQy6TYyxY3VzvUiYO
7q1cEixQDqnB2w7sdT2vpg0xc9a8NR5Bgraf+GPUm72R7HHlRHL9G0hVYozjERz/
s09oGrou9neITKMEu7KBPONpWXR8UTJuaCDRW39TeafRVJHDhXUg4wZQihStBMN3
vSNOIhS4TbpFCZqpJRijGh2W2wIz72zq9Fk+FgwDF9cm2Z6aeh/HwGUNFo9IGfc1
e6FnCDTVp3SxJmYdKZSmnqM87+uKBx135G7Y3nVFXZbsUlGuifa4YGNQkkSgr0Be
K2B2dkPDwrFJpJuO2E43q66su2/bAoD/pUC/51Rb+WQBMBfmjZ3vQN9cUybH6Ove
VLRRkv9ADFpHgZ2JcRdKcVFMQRoBZ9gPr7oWeC/f4CjYSJl0ZCrq+0zCO0LUl0/H
QE2Wf0kDDJggsftQfwLwi2LokXNB7VtO3y57RsGB5Mrx/vfy8lB/7p5WAW9c0OJq
C/XUmowWn7PP0s5RyWU0m0w5ioIgDVy+OH5pNsO68L1RZUwaFwRvmaiEbipBr00a
CO7XCQkokcaHm4iXx2aPIwj9ndbtYOu7ve/6BxZhbCgzeVlJiUCcLARHNpagyBOv
WQ43ymkLPYc/RurSQbrn/JVEoCXRpOvTUrPPt7S2shBJfsU9kN5k34s8oN7ytFll
cU6DwGY7n4EDd3sbB3oRwSdu8WGEKK6hDqTo9dPEy8x6owiyUqLFs1+aBjUeoQxQ
80PM0g2Qqdqk/aYgJU243UH3Wx63cCubowDkRnXxGlIxbTl1Wfi5GlmXIrKXQBl9
os4xcpEXTYkghQHzAwi6++cbVLTS4/MNV2S9SfriTEr39jPt0hscFhldg9cnJcGC
nHBt6QDrr/GzObSxhxOl82viimrmt6N8AZpfu6xGtf+XIwk/Kz8wI15MJN5TOnR7
l+2U0I3vzW4BBTR9qfFpaXr4WCelsVstJMmdMspTQLeea83rCdX2IzH7mIgg3pRl
6tWqesRJGUa/JgsTMMz26o9GM+hlpSsm1qsFuGLI3pOC+nBZYaFlQAORx+kgOdvf
hnXPVcYLQBNkFForr92CikMziCYlxPUiUSNDRNRAJ7ksDxsknkuaLx1tV/WY6tvv
ELlY4nH9DD7fqhtecCCvsor9A3F+pswb661m0uYyTlmOx4b2SJizybgud+SZ09O1
v5XJQX795NDf0Mvsn0hM/judmojCRfw8M6tkhUfIP6YIlKYJ7TWhRBBNudyMSbjZ
3/DBJTGBplvJm/5iIODSqHWu1ZQS7A==
=tUJt
-----END PGP SIGNATURE-----
Reply to: