SB2018012908 - openSUSE update for chromium

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018012908

SB2018012908 - openSUSE update for chromium

Published: January 29, 2018 Updated: July 1, 2021

Security Bulletin ID SB2018012908
CSH Severity
High
Patch available
YES
Number of vulnerabilities 24
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 13% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 24 vulnerabilities.


1) Spoofing attack (CVE-ID: CVE-2017-15420)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


2) Use-after-free error (CVE-ID: CVE-2018-6031)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due use-after-free memory error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

3) Cross-origin bypass (CVE-ID: CVE-2018-6032)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in Shared Worker. A remote attacker can bypass same origin policy restrictions and access potentially sensitive information.


4) Race condition (CVE-ID: CVE-2018-6033)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to race condition when opening downloaded files. A remote attacker can trick the victim into opening a specially crafted file, trigger race condition and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.


5) Integer overflow (CVE-ID: CVE-2018-6034)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.


6) Security restrictions bypass (CVE-ID: CVE-2018-6035)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient isolation of devtools from extensions. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


7) Integer underflow (CVE-ID: CVE-2018-6036)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due integer underflow in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

8) Security restrictions bypass (CVE-ID: CVE-2018-6037)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient user gesture requirements in autofill. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


9) Heap-based buffer overflow (CVE-ID: CVE-2018-6038)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due heap-based buffer overflow in WebGL. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

10) Cross-site scripting (CVE-ID: CVE-2018-6039)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in DevTools due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


11) Information disclosure (CVE-ID: CVE-2018-6040)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to content security policy bypass. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and read arbitrary files on the target system.


12) Spoofing attack (CVE-ID: CVE-2018-6041)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in Navigation. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


13) Spoofing attack (CVE-ID: CVE-2018-6042)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


14) Security restrictions bypass (CVE-ID: CVE-2018-6043)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient escaping with external URL handlers. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


15) Security restrictions bypass (CVE-ID: CVE-2018-6045)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient isolation of devtools from extensions. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


16) Security restrictions bypass (CVE-ID: CVE-2018-6046)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to шnsufficient isolation of devtools from extensions. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


17) Memory leak (CVE-ID: CVE-2018-6047)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to cross origin leak of redirect URL in in WebGL. A remote attacker can trick the victim into visiting a specially crafted website and read important data from system memory.

18) Security restrictions bypass (CVE-ID: CVE-2018-6048)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into visiting a specially crafted website, bypass referrer policy in Blink and gain access to system.


19) Spoofing attack (CVE-ID: CVE-2018-6049)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to UI spoofing in Permissions. A remote attacker can create a specially crafted web page, trick the victim into visiting it and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


20) Spoofing attack (CVE-ID: CVE-2018-6050)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


21) Memory leak (CVE-ID: CVE-2018-6051)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to referrer leak in XSS Auditor. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary files on the target system.


22) Security restrictions bypass (CVE-ID: CVE-2018-6052)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incomplete no-referrer policy implementation. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain access to system.


23) Memory leak (CVE-ID: CVE-2018-6053)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to leak of page thumbnails in New Tab Page. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary files on the target system.


24) Use-after-free error (CVE-ID: CVE-2018-6054)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due use-after-free memory error in WebUI. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Remediation

Install update from vendor's website.

References