Description
Security update for chromium
This update for Chromium to version 66.0.3359.117 fixes the following issues:
Security issues fixed (boo#1090000):
- CVE-2018-6085: Use after free in Disk Cache
- CVE-2018-6086: Use after free in Disk Cache
- CVE-2018-6087: Use after free in WebAssembly
- CVE-2018-6088: Use after free in PDFium
- CVE-2018-6089: Same origin policy bypass in Service Worker
- CVE-2018-6090: Heap buffer overflow in Skia
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- CVE-2018-6092: Integer overflow in WebAssembly
- CVE-2018-6093: Same origin bypass in Service Worker
- CVE-2018-6094: Exploit hardening regression in Oilpan
- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- CVE-2018-6096: Fullscreen UI spoof
- CVE-2018-6097: Fullscreen UI spoof
- CVE-2018-6098: URL spoof in Omnibox
- CVE-2018-6099: CORS bypass in ServiceWorker
- CVE-2018-6100: URL spoof in Omnibox
- CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools
- CVE-2018-6102: URL spoof in Omnibox
- CVE-2018-6103: UI spoof in Permissions
- CVE-2018-6104: URL spoof in Omnibox
- CVE-2018-6105: URL spoof in Omnibox
- CVE-2018-6106: Incorrect handling of promises in V8
- CVE-2018-6107: URL spoof in Omnibox
- CVE-2018-6108: URL spoof in Omnibox
- CVE-2018-6109: Incorrect handling of files by FileAPI
- CVE-2018-6110: Incorrect handling of plaintext files via file://
- CVE-2018-6111: Heap-use-after-free in DevTools
- CVE-2018-6112: Incorrect URL handling in DevTools
- CVE-2018-6113: URL spoof in Navigation
- CVE-2018-6114: CSP bypass
- CVE-2018-6115: SmartScreen bypass in downloads
- CVE-2018-6116: Incorrect low memory handling in WebAssembly
- CVE-2018-6117: Confusing autofill settings
- Various fixes from internal audits, fuzzing and other initiatives
This update also supports mitigation against the Spectre vulnerabilities: 'Strict site isolation' is disabled for most users and can be turned on via chrome://flags/#enable-site-per-process. This feature is undergoing a small percentage trial. Opting out of the trial is possible via chrome://flags/#site-isolation-trial-opt-out.
The following other changes are included:
- distrust certificates issued by Symantec before 2016-06-01
- add option to export saved passwords
- Reduce videos that auto-play with sound
- boo#1086199: Fix UI freezing when loading/scaling down large images
This update also contains a number of upstream bug fixes and improvements.
Package list
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:1042-1
- SUSE Security Ratings
Description
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2018-6085
- SUSE Bug 1090000
Description
A double-eviction in the Incognito mode cache that led to a use-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2018-6086
- SUSE Bug 1090000
Description
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected products
References
- CVE-2018-6087
- SUSE Bug 1090000
Description
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Affected products
References
- CVE-2018-6088
- SUSE Bug 1090000
Description
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6089
- SUSE Bug 1090000
Description
An integer overflow that led to a heap buffer overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected products
References
- CVE-2018-6090
- SUSE Bug 1090000
Description
The ability of Service Workers to intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6091
- SUSE Bug 1090000
Description
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Affected products
References
- CVE-2018-6092
- SUSE Bug 1090000
Description
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6093
- SUSE Bug 1090000
Description
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6094
- SUSE Bug 1090000
Description
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
Affected products
References
- CVE-2018-6095
- SUSE Bug 1090000
Description
A JavaScript-focused window being able to overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Affected products
References
- CVE-2018-6096
- SUSE Bug 1090000
Description
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
Affected products
References
- CVE-2018-6097
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Affected products
References
- CVE-2018-6098
- SUSE Bug 1090000
Description
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Affected products
References
- CVE-2018-6099
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Affected products
References
- CVE-2018-6100
- SUSE Bug 1090000
Description
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
Affected products
References
- CVE-2018-6101
- SUSE Bug 1090000
Description
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Affected products
References
- CVE-2018-6102
- SUSE Bug 1090000
Description
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
Affected products
References
- CVE-2018-6103
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Affected products
References
- CVE-2018-6104
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Affected products
References
- CVE-2018-6105
- SUSE Bug 1090000
Description
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
Affected products
References
- CVE-2018-6106
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Affected products
References
- CVE-2018-6107
- SUSE Bug 1090000
Description
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
Affected products
References
- CVE-2018-6108
- SUSE Bug 1090000
Description
readAsText() being able to read the file picked by the user indefinitely, rather than only once at the time the file is picked, in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
Affected products
References
- CVE-2018-6109
- SUSE Bug 1090000
Description
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
Affected products
References
- CVE-2018-6110
- SUSE Bug 1090000
Description
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Affected products
References
- CVE-2018-6111
- SUSE Bug 1090000
Description
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Affected products
References
- CVE-2018-6112
- SUSE Bug 1090000
Description
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Affected products
References
- CVE-2018-6113
- SUSE Bug 1090000
Description
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Affected products
References
- CVE-2018-6114
- SUSE Bug 1090000
Description
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
Affected products
References
- CVE-2018-6115
- SUSE Bug 1090000
Description
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Affected products
References
- CVE-2018-6116
- SUSE Bug 1090000
Description
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Affected products
References
- CVE-2018-6117
- SUSE Bug 1090000