Debian Security Advisory
DSA-4289-1 chromium-browser -- security update
- Date Reported: 07 Sep 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-1606.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.
Zhe Jin discovered an out-of-bounds read issue in the WebAudio implementation.
Mark Brand discovered an out-of-bounds write issue in the Mojo message passing library.
Mark Brand discovered an out-of-bounds read issue in the swiftshader library.
Ivan Fratric discovered an integer overflow issue in the skia library.
Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation.
Jun Kokatsu discovered an error in the Site Isolation feature when restoring browser tabs.
Jun Kokatsu discovered an error in the Site Isolation feature when using a Blob URL.
Pepe Vila discovered an error that could allow remote sites to access local files.
Aleksandar Nikolic discovered an out-of-bounds read issue in the pdfium library.
Manuel Caballero discovered a way to bypass the Content Security Policy.
Cailan Sacks discovered that the Autofill feature could leak saved credit card information.
Markus Vervier and Michele Orrù discovered a URL spoofing issue.
Khalil Zhani discovered a URL spoofing issue.
Jann Horn discovered that local files could be accessed in the developer tools.
Omair discovered a buffer overflow issue in the swiftshader library.
Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC implementation.
Jun Kokatsu discovered a way to bypass a user confirmation dialog.
Roman Kuksin discovered a use-after-free issue.
For the stable distribution (stretch), these problems have been fixed in version 69.0.3497.81-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser