SB2018031612 - OpenSUSE Linux update for Chromium

Security Bulletin ID SB2018031612

Severity

Medium

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Use-after-free error (CVE-ID: CVE-2017-11215)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

2) Use-after-free error (CVE-ID: CVE-2017-11225)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

3) Memory corruption (CVE-ID: CVE-2018-6057)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to incorrect permissions on shared memory. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Use-after-free error (CVE-ID: CVE-2018-6060)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Race condition (CVE-ID: CVE-2018-6061)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to race condition in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Heap-based buffer overflow (CVE-ID: CVE-2018-6062)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Memory corruption (CVE-ID: CVE-2018-6063)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to incorrect permissions on shared memory. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Type confusion (CVE-ID: CVE-2018-6064)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

9) Integer overflow (CVE-ID: CVE-2018-6065)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

10) Security restrictions bypass (CVE-ID: CVE-2018-6066)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to same origin bypass via canvas. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.

11) Buffer overflow (CVE-ID: CVE-2018-6067)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in Skia due to buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.

12) Improper resource shutdown (CVE-ID: CVE-2018-6068)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to object lifetime issues. A remote attacker can cause the service to crash.

13) Stack-based buffer overflow (CVE-ID: CVE-2018-6069)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in Skia due to stack-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.

14) Improper access control (CVE-ID: CVE-2018-6070)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to CSP bypass through extensions. A remote attacker can bypass security restrictions.

15) Heap-based buffer overflow (CVE-ID: CVE-2018-6071)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in Skia due to heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.

16) Integer overflow (CVE-ID: CVE-2018-6072)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in PDFium due to integer overflow. A remote attacker can trigger buffer overflow and cause the service to crash.

17) Heap-based buffer overflow (CVE-ID: CVE-2018-6073)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in WebGL due to heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.

18) Improper access control (CVE-ID: CVE-2018-6074)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to Mark-of-the-Web bypass. A remote attacker can bypass security restrictions.

19) Security restrictions bypass (CVE-ID: CVE-2018-6075)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to overly permissive cross origin downloads. A remote attacker can bypass security restrictions.

20) Data handling (CVE-ID: CVE-2018-6076)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in Blink due to incorrect handling of URL fragment identifiers. A remote attacker can cause the service to crash.

21) Timing attack (CVE-ID: CVE-2018-6077)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in SVG filters due to covert timing channel. A remote attacker can gain access to potentially sensitive information.

22) Spoofing attack (CVE-ID: CVE-2018-6078)

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists in OmniBox due to URL spoof. A remote attacker can perform spoofing attack and obtain arbitrary data.

23) Information disclosure (CVE-ID: CVE-2018-6079)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in WebGL due to improper information control via texture data. A remote attacker can gain access to potentially sensitive information.

24) Information disclosure (CVE-ID: CVE-2018-6080)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in IPC call due to improper information control. A remote attacker can gain access to potentially sensitive information.

25) Cross-site scripting (CVE-ID: CVE-2018-6081)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists in interstitials due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

26) Security restrictions bypass (CVE-ID: CVE-2018-6082)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to circumvention of port blocking. A remote attacker can bypass security restrictions.

27) Improper access control (CVE-ID: CVE-2018-6083)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect processing of AppManifests. A remote attacker can bypass security restrictions.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html