Описание
Security update for Chromium
This update for Chromium to version 70.0.3538.67 fixes multiple issues.
Security issues fixed (bsc#1112111):
- CVE-2018-17462: Sandbox escape in AppCache
- CVE-2018-17463: Remote code execution in V8
- Heap buffer overflow in Little CMS in PDFium
- CVE-2018-17464: URL spoof in Omnibox
- CVE-2018-17465: Use after free in V8
- CVE-2018-17466: Memory corruption in Angle
- CVE-2018-17467: URL spoof in Omnibox
- CVE-2018-17468: Cross-origin URL disclosure in Blink
- CVE-2018-17469: Heap buffer overflow in PDFium
- CVE-2018-17470: Memory corruption in GPU Internals
- CVE-2018-17471: Security UI occlusion in full screen mode
- CVE-2018-17473: URL spoof in Omnibox
- CVE-2018-17474: Use after free in Blink
- CVE-2018-17475: URL spoof in Omnibox
- CVE-2018-17476: Security UI occlusion in full screen mode
- CVE-2018-5179: Lack of limits on update() in ServiceWorker
- CVE-2018-17477: UI spoof in Extensions
VAAPI hardware accelerated rendering is now enabled by default.
This update contains the following packaging changes:
- Use the system libusb-1.0 library
- Use bundled harfbuzz library
- Disable gnome-keyring to avoid crashes
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 15
Ссылки
- E-Mail link for openSUSE-SU-2018:3273-1
- SUSE Security Ratings
Описание
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17462
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17463
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17464
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17465
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17466
- SUSE Bug 1112111
- SUSE Bug 1119105
- SUSE Bug 1121207
Описание
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17467
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17468
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Затронутые продукты
Ссылки
- CVE-2018-17469
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17470
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17471
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17472
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Затронутые продукты
Ссылки
- CVE-2018-17473
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17474
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17475
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17476
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17477
- SUSE Bug 1112111
- SUSE Bug 1119105
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2018-5179
- SUSE Bug 1112111
- SUSE Bug 1119105