Description
Security update for Chromium
This update for Chromium to version 65.0.3325.162 fixes the following issues:
- CVE-2017-11215: Use after free in Flash
- CVE-2017-11225: Use after free in Flash
- CVE-2018-6060: Use after free in Blink
- CVE-2018-6061: Race condition in V8
- CVE-2018-6062: Heap buffer overflow in Skia
- CVE-2018-6057: Incorrect permissions on shared memory
- CVE-2018-6063: Incorrect permissions on shared memory
- CVE-2018-6064: Type confusion in V8
- CVE-2018-6065: Integer overflow in V8
- CVE-2018-6066: Same Origin Bypass via canvas
- CVE-2018-6067: Buffer overflow in Skia
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- CVE-2018-6069: Stack buffer overflow in Skia
- CVE-2018-6070: CSP bypass through extensions
- CVE-2018-6071: Heap buffer overflow in Skia
- CVE-2018-6072: Integer overflow in PDFium
- CVE-2018-6073: Heap buffer overflow in WebGL
- CVE-2018-6074: Mark-of-the-Web bypass
- CVE-2018-6075: Overly permissive cross origin downloads
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- CVE-2018-6077: Timing attack using SVG filters
- CVE-2018-6078: URL Spoof in OmniBox
- CVE-2018-6079: Information disclosure via texture data in WebGL
- CVE-2018-6080: Information disclosure in IPC call
- CVE-2018-6081: XSS in interstitials
- CVE-2018-6082: Circumvention of port blocking
- CVE-2018-6083: Incorrect processing of AppManifests
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0704-1
- SUSE Security Ratings
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Affected products
References
- CVE-2017-11215
- SUSE Bug 1084296
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Affected products
References
- CVE-2017-11225
- SUSE Bug 1084296
Description
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
Affected products
References
- CVE-2018-6057
- SUSE Bug 1084296
Description
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6060
- SUSE Bug 1084296
Description
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6061
- SUSE Bug 1084296
Description
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Affected products
References
- CVE-2018-6062
- SUSE Bug 1084296
Description
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
Affected products
References
- CVE-2018-6063
- SUSE Bug 1084296
Description
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6064
- SUSE Bug 1084296
Description
Integer overflow in computing the required allocation size when instantiating a new JavaScript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6065
- SUSE Bug 1084296
Description
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6066
- SUSE Bug 1084296
Description
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6067
- SUSE Bug 1084296
Description
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Affected products
References
- CVE-2018-6068
- SUSE Bug 1084296
Description
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Affected products
References
- CVE-2018-6069
- SUSE Bug 1084296
Description
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Affected products
References
- CVE-2018-6070
- SUSE Bug 1084296
Description
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Affected products
References
- CVE-2018-6071
- SUSE Bug 1084296
Description
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Affected products
References
- CVE-2018-6072
- SUSE Bug 1084296
Description
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Affected products
References
- CVE-2018-6073
- SUSE Bug 1084296
Description
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
Affected products
References
- CVE-2018-6074
- SUSE Bug 1084296
Description
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
Affected products
References
- CVE-2018-6075
- SUSE Bug 1084296
Description
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
Affected products
References
- CVE-2018-6076
- SUSE Bug 1084296
Description
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6077
- SUSE Bug 1084296
Description
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Affected products
References
- CVE-2018-6078
- SUSE Bug 1084296
Description
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6079
- SUSE Bug 1084296
Description
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
Affected products
References
- CVE-2018-6080
- SUSE Bug 1084296
Description
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Affected products
References
- CVE-2018-6081
- SUSE Bug 1084296
Description
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Affected products
References
- CVE-2018-6082
- SUSE Bug 1084296
Description
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
Affected products
References
- CVE-2018-6083
- SUSE Bug 1084296