Commit 7a643f3f authored by Lev Lamberov

[SECURITY] [DSA 4256-1] chromium-browser security update

parent e9338363
<define-tag pagetitle>DSA-4256-1 chromium-browser</define-tag>
<define-tag report_date>2018-7-26</define-tag>
<define-tag secrefs>CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179</define-tag>
<define-tag packages>chromium-browser</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
</dl>
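Review bot: the secrefs tag goes from CVE-2018-6159 straight to CVE-2018-6161, so CVE-2018-6160 is not referenced anywhere in this advisory. The per-CVE list in moreinfo skips the same identifier, so the two are at least consistent with each other; please confirm the omission is deliberate, and if it is, a short comment next to secrefs would save the next reader from checking it again.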
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Several vulnerabilities have been discovered in the chromium web browser.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-4117">CVE-2018-4117</a>
<p>AhsanEjaz discovered an information leak.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6044">CVE-2018-6044</a>
<p>Rob Wu discovered a way to escalate privileges using extensions.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6150">CVE-2018-6150</a>
<p>Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6151">CVE-2018-6151</a>
<p>Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6152">CVE-2018-6152</a>
<p>Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6153">CVE-2018-6153</a>
<p>Zhen Zhou discovered a buffer overflow issue in the skia library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6154">CVE-2018-6154</a>
<p>Omair discovered a buffer overflow issue in the WebGL implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6155">CVE-2018-6155</a>
<p>Natalie Silvanovich discovered a use-after-free issue in the WebRTC
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6156">CVE-2018-6156</a>
<p>Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6157">CVE-2018-6157</a>
<p>Natalie Silvanovich discovered a type confusion issue in the WebRTC
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6158">CVE-2018-6158</a>
<p>Zhe Jin discovered a use-after-free issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6159">CVE-2018-6159</a>
<p>Jun Kokatsu discovered a way to bypass the same origin policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6161">CVE-2018-6161</a>
<p>Jun Kokatsu discovered a way to bypass the same origin policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6162">CVE-2018-6162</a>
<p>Omair discovered a buffer overflow issue in the WebGL implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6163">CVE-2018-6163</a>
<p>Khalil Zhani discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6164">CVE-2018-6164</a>
<p>Jun Kokatsu discovered a way to bypass the same origin policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6165">CVE-2018-6165</a>
<p>evil1m0 discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6166">CVE-2018-6166</a>
<p>Lynas Zhang discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6167">CVE-2018-6167</a>
<p>Lynas Zhang discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6168">CVE-2018-6168</a>
<p>Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6169">CVE-2018-6169</a>
<p>Sam P discovered a way to bypass permissions when installing
extensions.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6170">CVE-2018-6170</a>
<p>A type confusion issue was discovered in the pdfium library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6171">CVE-2018-6171</a>
<p>A use-after-free issue was discovered in the WebBluetooth
implementation.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6172">CVE-2018-6172</a>
<p>Khalil Zhani discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6173">CVE-2018-6173</a>
<p>Khalil Zhani discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6174">CVE-2018-6174</a>
<p>Mark Brand discovered an integer overflow issue in the swiftshader
library.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6175">CVE-2018-6175</a>
<p>Khalil Zhani discovered a URL spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6176">CVE-2018-6176</a>
<p>Jann Horn discovered a way to escalate privileges using extensions.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6177">CVE-2018-6177</a>
<p>Ron Masas discovered an information leak.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6178">CVE-2018-6178</a>
<p>Khalil Zhani discovered a user interface spoofing issue.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6179">CVE-2018-6179</a>
<p>It was discovered that information about files local to the system
could be leaked to extensions.</p>
<p>This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.</p></li>
</ul>
<p>For the stable distribution (stretch), these problems have been fixed in
version 68.0.3440.75-1~deb9u1.</p>
<p>We recommend that you upgrade your chromium-browser packages.</p>
<p>For the detailed security status of chromium-browser please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/chromium-browser">\
https://security-tracker.debian.org/tracker/chromium-browser</a></p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2018/dsa-4256.data"
# $Id: $
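Review bot: the paragraph "This version also fixes a regression introduced in the previous security update ..." is placed inside the list item for CVE-2018-6179, before its closing </li>, so it will render as part of that CVE's description even though it is about the package version as a whole. Suggest closing the item right after "could be leaked to extensions.</p>" and moving the regression paragraph below </ul>, next to the "For the stable distribution (stretch)" paragraph.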