Описание
Security update for Chromium
This update to Chromium version 71.0.3578.80 fixes security issues and bugs.
Security issues fixed (boo#1118529):
- CVE-2018-17480: Out of bounds write in V8
- CVE-2018-17481: Use after frees in PDFium
- CVE-2018-18335: Heap buffer overflow in Skia
- CVE-2018-18336: Use after free in PDFium
- CVE-2018-18337: Use after free in Blink
- CVE-2018-18338: Heap buffer overflow in Canvas
- CVE-2018-18339: Use after free in WebAudio
- CVE-2018-18340: Use after free in MediaRecorder
- CVE-2018-18341: Heap buffer overflow in Blink
- CVE-2018-18342: Out of bounds write in V8
- CVE-2018-18343: Use after free in Skia
- CVE-2018-18344: Inappropriate implementation in Extensions
- Multiple issues in SQLite via WebSQL
- CVE-2018-18345: Inappropriate implementation in Site Isolation
- CVE-2018-18346: Incorrect security UI in Blink
- CVE-2018-18347: Inappropriate implementation in Navigation
- CVE-2018-18348: Inappropriate implementation in Omnibox
- CVE-2018-18349: Insufficient policy enforcement in Blink
- CVE-2018-18350: Insufficient policy enforcement in Blink
- CVE-2018-18351: Insufficient policy enforcement in Navigation
- CVE-2018-18352: Inappropriate implementation in Media
- CVE-2018-18353: Inappropriate implementation in Network Authentication
- CVE-2018-18354: Insufficient data validation in Shell Integration
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- CVE-2018-18356: Use after free in Skia
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- CVE-2018-18358: Insufficient policy enforcement in Proxy
- CVE-2018-18359: Out of bounds read in V8
- Inappropriate implementation in PDFium
- Use after free in Extensions
- Inappropriate implementation in Navigation
- Insufficient policy enforcement in Navigation
- Insufficient policy enforcement in URL Formatter
- Various fixes from internal audits, fuzzing and other initiatives
The following changes are included:
- advertisements posing as error messages are now blocked
- Automatic playing of content at page load mostly disabled
- New JavaScript API for relative time display
Список пакетов
SUSE Package Hub for SUSE Linux Enterprise 15
Ссылки
- E-Mail link for openSUSE-SU-2018:4056-1
- SUSE Security Ratings
Описание
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-17480
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Затронутые продукты
Ссылки
- CVE-2018-17481
- SUSE Bug 1118529
- SUSE Bug 1119364
- SUSE Bug 1125330
Описание
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18335
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Затронутые продукты
Ссылки
- CVE-2018-18336
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18337
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18338
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18339
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18340
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18341
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18342
- SUSE Bug 1118529
Описание
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18343
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2018-18344
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18345
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18346
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18347
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Затронутые продукты
Ссылки
- CVE-2018-18348
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2018-18349
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18350
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18351
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18352
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18353
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18354
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Затронутые продукты
Ссылки
- CVE-2018-18355
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18356
- SUSE Bug 1118529
- SUSE Bug 1125330
- SUSE Bug 1125396
Описание
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Затронутые продукты
Ссылки
- CVE-2018-18357
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
Затронутые продукты
Ссылки
- CVE-2018-18358
- SUSE Bug 1118529
- SUSE Bug 1125330
Описание
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2018-18359
- SUSE Bug 1118529
- SUSE Bug 1125330