Debian DSA-4256-1 : chromium-browser - security update

Medium Nessus Plugin ID 111360

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2018-4117 AhsanEjaz discovered an information leak.

- CVE-2018-6044 Rob Wu discovered a way to escalate privileges using extensions.

- CVE-2018-6150 Rob Wu discovered an information disclosure issue (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).

- CVE-2018-6151 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).

- CVE-2018-6152 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).

- CVE-2018-6153 Zhen Zhou discovered a buffer overflow issue in the skia library.

- CVE-2018-6154 Omair discovered a buffer overflow issue in the WebGL implementation.

- CVE-2018-6155 Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation.

- CVE-2018-6156 Natalie Silvanovich discovered a buffer overflow issue in the WebRTC implementation.

- CVE-2018-6157 Natalie Silvanovich discovered a type confusion issue in the WebRTC implementation.

- CVE-2018-6158 Zhe Jin discovered a use-after-free issue.

- CVE-2018-6159 Jun Kokatsu discovered a way to bypass the same origin policy.

- CVE-2018-6161 Jun Kokatsu discovered a way to bypass the same origin policy.

- CVE-2018-6162 Omair discovered a buffer overflow issue in the WebGL implementation.

- CVE-2018-6163 Khalil Zhani discovered a URL spoofing issue.

- CVE-2018-6164 Jun Kokatsu discovered a way to bypass the same origin policy.

- CVE-2018-6165 evil1m0 discovered a URL spoofing issue.

- CVE-2018-6166 Lynas Zhang discovered a URL spoofing issue.

- CVE-2018-6167 Lynas Zhang discovered a URL spoofing issue.

- CVE-2018-6168 Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross Origin Resource Sharing policy.

- CVE-2018-6169 Sam P discovered a way to bypass permissions when installing extensions.

- CVE-2018-6170 A type confusion issue was discovered in the pdfium library.

- CVE-2018-6171 A use-after-free issue was discovered in the WebBluetooth implementation.

- CVE-2018-6172 Khalil Zhani discovered a URL spoofing issue.

- CVE-2018-6173 Khalil Zhani discovered a URL spoofing issue.

- CVE-2018-6174 Mark Brand discovered an integer overflow issue in the swiftshader library.

- CVE-2018-6175 Khalil Zhani discovered a URL spoofing issue.

- CVE-2018-6176 Jann Horn discovered a way to escalate privileges using extensions.

- CVE-2018-6177 Ron Masas discovered an information leak.

- CVE-2018-6178 Khalil Zhani discovered a user interface spoofing issue.

- CVE-2018-6179 It was discovered that information about files local to the system could be leaked to extensions.

This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs.

Solution

Upgrade the chromium-browser packages.

For the stable distribution (stretch), these problems have been fixed in version 68.0.3440.75-1~deb9u1.

Debian DSA-4256-1 : chromium-browser - security update

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSSv2

CVSSv3

Vulnerability Information

Reference Information