Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4256-1] chromium-browser security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4256-1] chromium-browser security update


Chronologisch Thread 
  • From: Michael Gilbert <mgilbert AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4256-1] chromium-browser security update
  • Date: Fri, 27 Jul 2018 01:15:51 -0400
  • Authentication-results: mail.intern.piratenpartei.de (MFA); dkim=pass (2048-bit key) header.d=gmail.com
  • List-archive: https://lists.debian.org/msgid-search/CANTw=MPJai2Nhr2ZgLa-eEec60qty01Ct1fsSf2_vjKGqDmH4A AT mail.gmail.com
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <michael.s.gilbert AT gmail.com>
  • Priority: urgent
  • Resent-date: Fri, 27 Jul 2018 05:16:32 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <ZwI33BOrffM.A.Y4.wqqWbB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4256-1 security AT debian.org
https://www.debian.org/security/ Michael Gilbert
July 26, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151
CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155
CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159
CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164
CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168
CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172
CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176
CVE-2018-6177 CVE-2018-6178 CVE-2018-6179

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-4117

AhsanEjaz discovered an information leak.

CVE-2018-6044

Rob Wu discovered a way to escalate privileges using extensions.

CVE-2018-6150

Rob Wu discovered an information disclosure issue (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6151

Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6152

Rob Wu discovered an issue in the developer tools (this problem was
fixed in a previous release but was mistakenly omitted from upstream's
announcement at the time).

CVE-2018-6153

Zhen Zhou discovered a buffer overflow issue in the skia library.

CVE-2018-6154

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6155

Natalie Silvanovich discovered a use-after-free issue in the WebRTC
implementation.

CVE-2018-6156

Natalie Silvanovich discovered a buffer overflow issue in the WebRTC
implementation.

CVE-2018-6157

Natalie Silvanovich discovered a type confusion issue in the WebRTC
implementation.

CVE-2018-6158

Zhe Jin discovered a use-after-free issue.

CVE-2018-6159

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6161

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6162

Omair discovered a buffer overflow issue in the WebGL implementation.

CVE-2018-6163

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6164

Jun Kokatsu discovered a way to bypass the same origin policy.

CVE-2018-6165

evil1m0 discovered a URL spoofing issue.

CVE-2018-6166

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6167

Lynas Zhang discovered a URL spoofing issue.

CVE-2018-6168

Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross
Origin Resource Sharing policy.

CVE-2018-6169

Sam P discovered a way to bypass permissions when installing
extensions.

CVE-2018-6170

A type confusion issue was discovered in the pdfium library.

CVE-2018-6171

A use-after-free issue was discovered in the WebBluetooth
implementation.

CVE-2018-6172

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6173

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6174

Mark Brand discovered an integer overflow issue in the swiftshader
library.

CVE-2018-6175

Khalil Zhani discovered a URL spoofing issue.

CVE-2018-6176

Jann Horn discovered a way to escalate privileges using extensions.

CVE-2018-6177

Ron Masas discovered an information leak.

CVE-2018-6178

Khalil Zhani discovered a user interface spoofing issue.

CVE-2018-6179

It was discovered that information about files local to the system
could be leaked to extensions.

This version also fixes a regression introduced in the previous security
update that could prevent decoding of particular audio/video codecs.

For the stable distribution (stretch), these problems have been fixed in
version 68.0.3440.75-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaqvAACgkQuNayzQLW
9HN1Tx//TF/lR0JT7+g9ZV4C8b9QUjd8RziW1x3Dr1c6FdO01qRzRTmuolgGkd16
irPIel0bnvM7Q707UaX3YlfP9teWThneAXl69wPxg4l/cD6KQy6TYyxY3VzvUiYO
7q1cEixQDqnB2w7sdT2vpg0xc9a8NR5Bgraf+GPUm72R7HHlRHL9G0hVYozjERz/
s09oGrou9neITKMEu7KBPONpWXR8UTJuaCDRW39TeafRVJHDhXUg4wZQihStBMN3
vSNOIhS4TbpFCZqpJRijGh2W2wIz72zq9Fk+FgwDF9cm2Z6aeh/HwGUNFo9IGfc1
e6FnCDTVp3SxJmYdKZSmnqM87+uKBx135G7Y3nVFXZbsUlGuifa4YGNQkkSgr0Be
K2B2dkPDwrFJpJuO2E43q66su2/bAoD/pUC/51Rb+WQBMBfmjZ3vQN9cUybH6Ove
VLRRkv9ADFpHgZ2JcRdKcVFMQRoBZ9gPr7oWeC/f4CjYSJl0ZCrq+0zCO0LUl0/H
QE2Wf0kDDJggsftQfwLwi2LokXNB7VtO3y57RsGB5Mrx/vfy8lB/7p5WAW9c0OJq
C/XUmowWn7PP0s5RyWU0m0w5ioIgDVy+OH5pNsO68L1RZUwaFwRvmaiEbipBr00a
CO7XCQkokcaHm4iXx2aPIwj9ndbtYOu7ve/6BxZhbCgzeVlJiUCcLARHNpagyBOv
WQ43ymkLPYc/RurSQbrn/JVEoCXRpOvTUrPPt7S2shBJfsU9kN5k34s8oN7ytFll
cU6DwGY7n4EDd3sbB3oRwSdu8WGEKK6hDqTo9dPEy8x6owiyUqLFs1+aBjUeoQxQ
80PM0g2Qqdqk/aYgJU243UH3Wx63cCubowDkRnXxGlIxbTl1Wfi5GlmXIrKXQBl9
os4xcpEXTYkghQHzAwi6++cbVLTS4/MNV2S9SfriTEr39jPt0hscFhldg9cnJcGC
nHBt6QDrr/GzObSxhxOl82viimrmt6N8AZpfu6xGtf+XIwk/Kz8wI15MJN5TOnR7
l+2U0I3vzW4BBTR9qfFpaXr4WCelsVstJMmdMspTQLeea83rCdX2IzH7mIgg3pRl
6tWqesRJGUa/JgsTMMz26o9GM+hlpSsm1qsFuGLI3pOC+nBZYaFlQAORx+kgOdvf
hnXPVcYLQBNkFForr92CikMziCYlxPUiUSNDRNRAJ7ksDxsknkuaLx1tV/WY6tvv
ELlY4nH9DD7fqhtecCCvsor9A3F+pswb661m0uYyTlmOx4b2SJizybgud+SZ09O1
v5XJQX795NDf0Mvsn0hM/judmojCRfw8M6tkhUfIP6YIlKYJ7TWhRBBNudyMSbjZ
3/DBJTGBplvJm/5iIODSqHWu1ZQS7A==
=tUJt
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 4256-1] chromium-browser security update, Michael Gilbert, 27.07.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang