Arch Linux Security Advisory ASA-201812-2 ========================================= Severity: Critical Date : 2018-12-08 CVE-ID : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-824 Summary ======= The package chromium before version 71.0.3578.80-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, information disclosure and insufficient validation. Resolution ========== Upgrade to 71.0.3578.80-1. # pacman -Syu "chromium>=71.0.3578.80-1" The problems have been fixed upstream in version 71.0.3578.80. Workaround ========== None. Description =========== - CVE-2018-17480 (arbitrary code execution) An out of bounds write has been found in the V8 component of chromium before 71.0.3578.80. - CVE-2018-17481 (arbitrary code execution) A use-after-free has been found in the PDFium component of chromium before 71.0.3578.80. - CVE-2018-18335 (arbitrary code execution) A heap-based buffer overflow has been found in the Skia component of chromium before 71.0.3578.80. - CVE-2018-18336 (arbitrary code execution) A use-after-free has been found in the PDFium component of chromium before 71.0.3578.80. - CVE-2018-18337 (arbitrary code execution) A use-after-free has been found in the Blink component of chromium before 71.0.3578.80. - CVE-2018-18338 (arbitrary code execution) A heap-based buffer overflow has been found in the Canva component of chromium before 71.0.3578.80. - CVE-2018-18339 (arbitrary code execution) A use-after-free has been found in the WebAudio component of chromium before 71.0.3578.80. - CVE-2018-18340 (arbitrary code execution) A use-after-free has been found in the MediaRecorder component of chromium before 71.0.3578.80. - CVE-2018-18341 (arbitrary code execution) A heap-based buffer overflow has been found in the Blink component of chromium before 71.0.3578.80. - CVE-2018-18342 (arbitrary code execution) An out of bounds write has been found in the V8 component of chromium before 71.0.3578.80. - CVE-2018-18343 (arbitrary code execution) A use-after-free has been found in the Skia component of chromium before 71.0.3578.80. - CVE-2018-18344 (access restriction bypass) An inappropriate implementation issue has been found in the Extensions component of chromium before 71.0.3578.80. - CVE-2018-18345 (access restriction bypass) An inappropriate implementation issue has been found in the Site Isolation component of chromium before 71.0.3578.80. - CVE-2018-18346 (access restriction bypass) An incorrect security UI issue has been found in the Blink component of chromium before 71.0.3578.80. - CVE-2018-18347 (access restriction bypass) An inappropriate implementation issue has been found in the Navigation component of chromium before 71.0.3578.80. - CVE-2018-18348 (access restriction bypass) An inappropriate implementation issue has been found in the Omnibox component of chromium before 71.0.3578.80. - CVE-2018-18349 (access restriction bypass) An insufficient policy enforcement issue has been found in the Blink component of chromium before 71.0.3578.80. - CVE-2018-18350 (access restriction bypass) An insufficient policy enforcement issue has been found in the Blink component of chromium before 71.0.3578.80. - CVE-2018-18351 (access restriction bypass) An insufficient policy enforcement issue has been found in the Navigation component of chromium before 71.0.3578.80. - CVE-2018-18352 (access restriction bypass) An inappropriate implementation issue has been found in the Media component of chromium before 71.0.3578.80. - CVE-2018-18353 (access restriction bypass) An inappropriate implementation issue has been found in the Network Authentication component of chromium before 71.0.3578.80. - CVE-2018-18354 (insufficient validation) An insufficient data validation issue has been found in the Shell Integration component of chromium before 71.0.3578.80. - CVE-2018-18355 (access restriction bypass) An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80. - CVE-2018-18356 (arbitrary code execution) A use-after-free has been found in the Skia component of chromium before 71.0.3578.80. - CVE-2018-18357 (access restriction bypass) An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80. - CVE-2018-18358 (access restriction bypass) An insufficient policy enforcement issue has been found in the Proxy component of chromium before 71.0.3578.80. - CVE-2018-18359 (information disclosure) An out-of-bounds read has been found in the V8 component of chromium before 71.0.3578.80. Impact ====== A remote attacker can access sensitive information, bypass security restrictions and execute arbitrary code on the affected host. References ========== https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desk... https://bugs.chromium.org/p/chromium/issues/detail?id=905940 https://bugs.chromium.org/p/chromium/issues/detail?id=901654 https://bugs.chromium.org/p/chromium/issues/detail?id=895362 https://bugs.chromium.org/p/chromium/issues/detail?id=898531 https://bugs.chromium.org/p/chromium/issues/detail?id=886753 https://bugs.chromium.org/p/chromium/issues/detail?id=890576 https://bugs.chromium.org/p/chromium/issues/detail?id=891187 https://bugs.chromium.org/p/chromium/issues/detail?id=896736 https://bugs.chromium.org/p/chromium/issues/detail?id=901030 https://bugs.chromium.org/p/chromium/issues/detail?id=906313 https://bugs.chromium.org/p/chromium/issues/detail?id=882423 https://bugs.chromium.org/p/chromium/issues/detail?id=866426 https://bugs.chromium.org/p/chromium/issues/detail?id=886976 https://bugs.chromium.org/p/chromium/issues/detail?id=606104 https://bugs.chromium.org/p/chromium/issues/detail?id=850824 https://bugs.chromium.org/p/chromium/issues/detail?id=881659 https://bugs.chromium.org/p/chromium/issues/detail?id=894399 https://bugs.chromium.org/p/chromium/issues/detail?id=799747 https://bugs.chromium.org/p/chromium/issues/detail?id=833847 https://bugs.chromium.org/p/chromium/issues/detail?id=849942 https://bugs.chromium.org/p/chromium/issues/detail?id=884179 https://bugs.chromium.org/p/chromium/issues/detail?id=889459 https://bugs.chromium.org/p/chromium/issues/detail?id=896717 https://bugs.chromium.org/p/chromium/issues/detail?id=883666 https://bugs.chromium.org/p/chromium/issues/detail?id=895207 https://bugs.chromium.org/p/chromium/issues/detail?id=899126 https://bugs.chromium.org/p/chromium/issues/detail?id=907714 https://security.archlinux.org/CVE-2018-17480 https://security.archlinux.org/CVE-2018-17481 https://security.archlinux.org/CVE-2018-18335 https://security.archlinux.org/CVE-2018-18336 https://security.archlinux.org/CVE-2018-18337 https://security.archlinux.org/CVE-2018-18338 https://security.archlinux.org/CVE-2018-18339 https://security.archlinux.org/CVE-2018-18340 https://security.archlinux.org/CVE-2018-18341 https://security.archlinux.org/CVE-2018-18342 https://security.archlinux.org/CVE-2018-18343 https://security.archlinux.org/CVE-2018-18344 https://security.archlinux.org/CVE-2018-18345 https://security.archlinux.org/CVE-2018-18346 https://security.archlinux.org/CVE-2018-18347 https://security.archlinux.org/CVE-2018-18348 https://security.archlinux.org/CVE-2018-18349 https://security.archlinux.org/CVE-2018-18350 https://security.archlinux.org/CVE-2018-18351 https://security.archlinux.org/CVE-2018-18352 https://security.archlinux.org/CVE-2018-18353 https://security.archlinux.org/CVE-2018-18354 https://security.archlinux.org/CVE-2018-18355 https://security.archlinux.org/CVE-2018-18356 https://security.archlinux.org/CVE-2018-18357 https://security.archlinux.org/CVE-2018-18358 https://security.archlinux.org/CVE-2018-18359