[ASA-201812-2] chromium: multiple issues

Jelle van der Waa jelle at archlinux.org
Tue Dec 11 17:08:37 UTC 2018


Arch Linux Security Advisory ASA-201812-2
=========================================

Severity: Critical
Date    : 2018-12-08
CVE-ID  : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
          CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
          CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
          CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
          CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
          CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
          CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-824

Summary
=======

The package chromium before version 71.0.3578.80-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure and insufficient validation.

Resolution
==========

Upgrade to 71.0.3578.80-1.

# pacman -Syu "chromium>=71.0.3578.80-1"

The problems have been fixed upstream in version 71.0.3578.80.
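
To confirm the upgrade across several machines, the following added example
(not part of the original advisory) flags hosts whose chromium package is
still older than 71.0.3578.80-1. The "host package version" inventory format,
the function names and the sample hostnames are assumptions made for
illustration.

```shell
#!/bin/sh
# Added example: flag hosts whose chromium package predates the fixed release.
FIXED="71.0.3578.80-1"   # fixed package version stated in this advisory

# Return 0 if version $1 sorts strictly before version $2.
# Uses pacman's vercmp when it is installed; otherwise falls back to sort -V,
# which agrees with vercmp for plain dotted numeric versions like chromium's
# (assumption: no epochs or alphabetic suffixes in the compared versions).
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
    fi
}

# Read "host package version" lines on stdin and print the hosts that still
# carry a chromium build older than the fixed one. Other packages are ignored.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "chromium" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory (hostnames and versions are made up), e.g.
# collected by running `pacman -Q chromium` on each machine.
sample_inventory() {
    cat <<'EOF'
ws-01 chromium 70.0.3538.110-1
ws-02 chromium 71.0.3578.80-1
ws-03 firefox 63.0.3-1
ws-04 chromium 71.0.3578.98-1
ws-05 chromium 9.0.1-1
EOF
}

sample_inventory | vulnerable_hosts
```

The ws-05 entry shows why a plain string comparison is not enough: "9.0.1-1"
sorts after "71..." lexically but is the older version.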

Workaround
==========

None.

Description
===========

- CVE-2018-17480 (arbitrary code execution)

An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.

- CVE-2018-17481 (arbitrary code execution)

A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.

- CVE-2018-18335 (arbitrary code execution)

A heap-based buffer overflow has been found in the Skia component of
chromium before 71.0.3578.80.

- CVE-2018-18336 (arbitrary code execution)

A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.

- CVE-2018-18337 (arbitrary code execution)

A use-after-free has been found in the Blink component of chromium
before 71.0.3578.80.

- CVE-2018-18338 (arbitrary code execution)

A heap-based buffer overflow has been found in the Canvas component of
chromium before 71.0.3578.80.

- CVE-2018-18339 (arbitrary code execution)

A use-after-free has been found in the WebAudio component of chromium
before 71.0.3578.80.

- CVE-2018-18340 (arbitrary code execution)

A use-after-free has been found in the MediaRecorder component of
chromium before 71.0.3578.80.

- CVE-2018-18341 (arbitrary code execution)

A heap-based buffer overflow has been found in the Blink component of
chromium before 71.0.3578.80.

- CVE-2018-18342 (arbitrary code execution)

An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.

- CVE-2018-18343 (arbitrary code execution)

A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.

- CVE-2018-18344 (access restriction bypass)

An inappropriate implementation issue has been found in the Extensions
component of chromium before 71.0.3578.80.

- CVE-2018-18345 (access restriction bypass)

An inappropriate implementation issue has been found in the Site
Isolation component of chromium before 71.0.3578.80.

- CVE-2018-18346 (access restriction bypass)

An incorrect security UI issue has been found in the Blink component of
chromium before 71.0.3578.80.

- CVE-2018-18347 (access restriction bypass)

An inappropriate implementation issue has been found in the Navigation
component of chromium before 71.0.3578.80.

- CVE-2018-18348 (access restriction bypass)

An inappropriate implementation issue has been found in the Omnibox
component of chromium before 71.0.3578.80.

- CVE-2018-18349 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.

- CVE-2018-18350 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.

- CVE-2018-18351 (access restriction bypass)

An insufficient policy enforcement issue has been found in the
Navigation component of chromium before 71.0.3578.80.

- CVE-2018-18352 (access restriction bypass)

An inappropriate implementation issue has been found in the Media
component of chromium before 71.0.3578.80.

- CVE-2018-18353 (access restriction bypass)

An inappropriate implementation issue has been found in the Network
Authentication component of chromium before 71.0.3578.80.

- CVE-2018-18354 (insufficient validation)

An insufficient data validation issue has been found in the Shell
Integration component of chromium before 71.0.3578.80.

- CVE-2018-18355 (access restriction bypass)

An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.

- CVE-2018-18356 (arbitrary code execution)

A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.

- CVE-2018-18357 (access restriction bypass)

An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.

- CVE-2018-18358 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Proxy
component of chromium before 71.0.3578.80.

- CVE-2018-18359 (information disclosure)

An out-of-bounds read has been found in the V8 component of chromium
before 71.0.3578.80.

Impact
======

A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code on the affected host.

References
==========

https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=905940
https://bugs.chromium.org/p/chromium/issues/detail?id=901654
https://bugs.chromium.org/p/chromium/issues/detail?id=895362
https://bugs.chromium.org/p/chromium/issues/detail?id=898531
https://bugs.chromium.org/p/chromium/issues/detail?id=886753
https://bugs.chromium.org/p/chromium/issues/detail?id=890576
https://bugs.chromium.org/p/chromium/issues/detail?id=891187
https://bugs.chromium.org/p/chromium/issues/detail?id=896736
https://bugs.chromium.org/p/chromium/issues/detail?id=901030
https://bugs.chromium.org/p/chromium/issues/detail?id=906313
https://bugs.chromium.org/p/chromium/issues/detail?id=882423
https://bugs.chromium.org/p/chromium/issues/detail?id=866426
https://bugs.chromium.org/p/chromium/issues/detail?id=886976
https://bugs.chromium.org/p/chromium/issues/detail?id=606104
https://bugs.chromium.org/p/chromium/issues/detail?id=850824
https://bugs.chromium.org/p/chromium/issues/detail?id=881659
https://bugs.chromium.org/p/chromium/issues/detail?id=894399
https://bugs.chromium.org/p/chromium/issues/detail?id=799747
https://bugs.chromium.org/p/chromium/issues/detail?id=833847
https://bugs.chromium.org/p/chromium/issues/detail?id=849942
https://bugs.chromium.org/p/chromium/issues/detail?id=884179
https://bugs.chromium.org/p/chromium/issues/detail?id=889459
https://bugs.chromium.org/p/chromium/issues/detail?id=896717
https://bugs.chromium.org/p/chromium/issues/detail?id=883666
https://bugs.chromium.org/p/chromium/issues/detail?id=895207
https://bugs.chromium.org/p/chromium/issues/detail?id=899126
https://bugs.chromium.org/p/chromium/issues/detail?id=907714
https://security.archlinux.org/CVE-2018-17480
https://security.archlinux.org/CVE-2018-17481
https://security.archlinux.org/CVE-2018-18335
https://security.archlinux.org/CVE-2018-18336
https://security.archlinux.org/CVE-2018-18337
https://security.archlinux.org/CVE-2018-18338
https://security.archlinux.org/CVE-2018-18339
https://security.archlinux.org/CVE-2018-18340
https://security.archlinux.org/CVE-2018-18341
https://security.archlinux.org/CVE-2018-18342
https://security.archlinux.org/CVE-2018-18343
https://security.archlinux.org/CVE-2018-18344
https://security.archlinux.org/CVE-2018-18345
https://security.archlinux.org/CVE-2018-18346
https://security.archlinux.org/CVE-2018-18347
https://security.archlinux.org/CVE-2018-18348
https://security.archlinux.org/CVE-2018-18349
https://security.archlinux.org/CVE-2018-18350
https://security.archlinux.org/CVE-2018-18351
https://security.archlinux.org/CVE-2018-18352
https://security.archlinux.org/CVE-2018-18353
https://security.archlinux.org/CVE-2018-18354
https://security.archlinux.org/CVE-2018-18355
https://security.archlinux.org/CVE-2018-18356
https://security.archlinux.org/CVE-2018-18357
https://security.archlinux.org/CVE-2018-18358
https://security.archlinux.org/CVE-2018-18359