openSUSE Security Update : chromium (openSUSE-2018-381)

high Nessus Plugin ID 109236

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for Chromium to version 66.0.3359.117 fixes the following issues :

Security issues fixed (boo#1090000) :

- CVE-2018-6085: Use after free in Disk Cache

- CVE-2018-6086: Use after free in Disk Cache

- CVE-2018-6087: Use after free in WebAssembly

- CVE-2018-6088: Use after free in PDFium

- CVE-2018-6089: Same origin policy bypass in Service Worker

- CVE-2018-6090: Heap buffer overflow in Skia

- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker

- CVE-2018-6092: Integer overflow in WebAssembly

- CVE-2018-6093: Same origin bypass in Service Worker

- CVE-2018-6094: Exploit hardening regression in Oilpan

- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload

- CVE-2018-6096: Fullscreen UI spoof

- CVE-2018-6097: Fullscreen UI spoof

- CVE-2018-6098: URL spoof in Omnibox

- CVE-2018-6099: CORS bypass in ServiceWorker

- CVE-2018-6100: URL spoof in Omnibox

- CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools

- CVE-2018-6102: URL spoof in Omnibox

- CVE-2018-6103: UI spoof in Permissions

- CVE-2018-6104: URL spoof in Omnibox

- CVE-2018-6105: URL spoof in Omnibox

- CVE-2018-6106: Incorrect handling of promises in V8

- CVE-2018-6107: URL spoof in Omnibox

- CVE-2018-6108: URL spoof in Omnibox

- CVE-2018-6109: Incorrect handling of files by FileAPI

- CVE-2018-6110: Incorrect handling of plaintext files via file://

- CVE-2018-6111: Heap-use-after-free in DevTools

- CVE-2018-6112: Incorrect URL handling in DevTools

- CVE-2018-6113: URL spoof in Navigation

- CVE-2018-6114: CSP bypass

- CVE-2018-6115: SmartScreen bypass in downloads

- CVE-2018-6116: Incorrect low memory handling in WebAssembly

- CVE-2018-6117: Confusing autofill settings

- Various fixes from internal audits, fuzzing and other initiatives This update also supports mitigation against the Spectre vulnerabilities: 'Strict site isolation' is disabled for most users and can be turned on via:
chrome://flags/#enable-site-per-process This feature is undergoing a small percentage trial. Out out of the trial is possible via:
chrome://flags/#site-isolation-trial-opt-out

The following other changes are included :

- distrust certificates issued by Symantec before 2016-06-01

- add option to export saved passwords

- Reduce videos that auto-play with sound

- boo#1086199: Fix UI freezing when loading/scaling down large images

This update also contains a number of upstream bug fixes and improvements.

Solution

Update the affected chromium packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1086199

https://bugzilla.opensuse.org/show_bug.cgi?id=1090000

Plugin Details

Severity: High

ID: 109236

File Name: openSUSE-2018-381.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/23/2018

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2018

Reference Information

CVE: CVE-2018-6085, CVE-2018-6086, CVE-2018-6087, CVE-2018-6088, CVE-2018-6089, CVE-2018-6090, CVE-2018-6091, CVE-2018-6092, CVE-2018-6093, CVE-2018-6094, CVE-2018-6095, CVE-2018-6096, CVE-2018-6097, CVE-2018-6098, CVE-2018-6099, CVE-2018-6100, CVE-2018-6101, CVE-2018-6102, CVE-2018-6103, CVE-2018-6104, CVE-2018-6105, CVE-2018-6106, CVE-2018-6107, CVE-2018-6108, CVE-2018-6109, CVE-2018-6110, CVE-2018-6111, CVE-2018-6112, CVE-2018-6113, CVE-2018-6114, CVE-2018-6115, CVE-2018-6116, CVE-2018-6117