Fedora EPEL 7 update for chromium



Updated: 2025-04-24
Risk: High
Patch available: YES
Number of vulnerabilities: 62
CVE-ID: CVE-2018-6123
CVE-2018-6124
CVE-2018-6125
CVE-2018-6126
CVE-2018-6127
CVE-2018-6128
CVE-2018-6129
CVE-2018-6130
CVE-2018-6131
CVE-2018-6132
CVE-2018-6133
CVE-2018-6134
CVE-2018-6135
CVE-2018-6136
CVE-2018-6137
CVE-2018-6148
CVE-2018-6085
CVE-2018-6086
CVE-2018-6087
CVE-2018-6088
CVE-2018-6089
CVE-2018-6090
CVE-2018-6091
CVE-2018-6092
CVE-2018-6093
CVE-2018-6094
CVE-2018-6095
CVE-2018-6096
CVE-2018-6097
CVE-2018-6098
CVE-2018-6099
CVE-2018-6100
CVE-2018-6101
CVE-2018-6102
CVE-2018-6103
CVE-2018-6104
CVE-2018-6105
CVE-2018-6106
CVE-2018-6107
CVE-2018-6108
CVE-2018-6109
CVE-2018-6110
CVE-2018-6111
CVE-2018-6112
CVE-2018-6113
CVE-2018-6114
CVE-2018-6116
CVE-2018-6117
CVE-2018-6118
CVE-2018-6120
CVE-2018-6121
CVE-2018-6122
CVE-2018-6115
CVE-2018-6138
CVE-2018-6139
CVE-2018-6140
CVE-2018-6141
CVE-2018-6142
CVE-2018-6143
CVE-2018-6144
CVE-2018-6145
CVE-2018-6147
CWE-ID: CWE-416
CWE-843
CWE-264
CWE-122
CWE-79
CWE-787
CWE-119
CWE-451
CWE-125
CWE-401
CWE-20
CWE-190
CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Fedora (Operating systems & Components / Operating system); chromium (Operating systems & Components / Operating system package or component)
Vendor: Fedoraproject

Security Bulletin

This security bulletin contains information about 62 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU13072

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6123

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type confusion

EUVDB-ID: #VU13073

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6124

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU13078

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6125

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an overly permissive policy in WebUSB. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU13074

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6126

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free error

EUVDB-ID: #VU13075

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6127

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in IndexedDB when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Universal cross-site scripting

EUVDB-ID: #VU13079

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6128

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists on iOS due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of a vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU13076

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6129

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write in WebRTC. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU13077

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6130

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write in WebRTC. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU13080

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6131

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect mutability protection in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU13081

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6132

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to the use of uninitialized memory in WebRTC. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the browser to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Spoofing attack

EUVDB-ID: #VU13095

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6133

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in the Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and conduct a URL spoofing attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU13084

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6134

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a referrer policy bypass in Blink. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Spoofing attack

EUVDB-ID: #VU13096

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6135

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and conduct a UI spoofing attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU13082

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6136

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.

The weakness exists due to an out-of-bounds memory read in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the browser to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU13083

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6137

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a leak of the visited status of a page in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and gain access to arbitrary data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Incorrect handling of CSP header

EUVDB-ID: #VU13220

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6148

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to incorrect handling of the CSP header. A remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free error

EUVDB-ID: #VU11956

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6085

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free error

EUVDB-ID: #VU11961

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6086

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free error

EUVDB-ID: #VU11962

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6087

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free error

EUVDB-ID: #VU11963

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6088

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free in PDFium. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security restrictions bypass

EUVDB-ID: #VU11968

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6089

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Heap-based buffer overflow

EUVDB-ID: #VU11967

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6090

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow in Skia. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Security restrictions bypass

EUVDB-ID: #VU11975

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incorrect handling of plug-ins by Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same-origin policy restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer overflow

EUVDB-ID: #VU11970

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6092

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Security restrictions bypass

EUVDB-ID: #VU11974

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6093

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same-origin restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Security restrictions bypass

EUVDB-ID: #VU11973

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an exploit hardening regression in Oilpan. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Security restrictions bypass

EUVDB-ID: #VU11972

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the lack of a meaningful user-interaction requirement before file upload. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Spoofing attack

EUVDB-ID: #VU11997

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6096

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and spoof the Fullscreen UI.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Spoofing attack

EUVDB-ID: #VU11996

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6097

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and spoof the Fullscreen UI.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Spoofing attack

EUVDB-ID: #VU11995

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6098

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Security restrictions bypass

EUVDB-ID: #VU11977

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6099

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CORS and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Spoofing attack

EUVDB-ID: #VU12005

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6100

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Security restrictions bypass

EUVDB-ID: #VU11981

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to insufficient protection of the remote debugging protocol in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Spoofing attack

EUVDB-ID: #VU12004

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6102

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Spoofing attack

EUVDB-ID: #VU12003

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6103

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in Permissions. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Spoofing attack

EUVDB-ID: #VU12002

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6104

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Spoofing attack

EUVDB-ID: #VU12001

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6105

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Security restrictions bypass

EUVDB-ID: #VU11982

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6106

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the incorrect handling of promises in V8. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Spoofing attack

EUVDB-ID: #VU12000

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6107

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Spoofing attack

EUVDB-ID: #VU11999

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6108

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Security restrictions bypass

EUVDB-ID: #VU11983

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6109

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the incorrect handling of files by FileAPI. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Security restrictions bypass

EUVDB-ID: #VU11984

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6110

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the incorrect handling of plaintext files via file://. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Heap-use-after-free error

EUVDB-ID: #VU11992

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6111

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a heap-use-after-free error in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Security restrictions bypass

EUVDB-ID: #VU11985

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6112

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incorrect URL handling in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Spoofing attack

EUVDB-ID: #VU11998

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6113

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error in Navigation. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Security restrictions bypass

EUVDB-ID: #VU11986

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6114

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CSP and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Security restrictions bypass

EUVDB-ID: #VU11989

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6116

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the incorrect low memory handling in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Security restrictions bypass

EUVDB-ID: #VU11990

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6117

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error related to confusing autofill settings. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free error

EUVDB-ID: #VU12396

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in Media Cache. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Heap-based buffer overflow

EUVDB-ID: #VU12579

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6120

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Privilege escalation

EUVDB-ID: #VU12582

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6121

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in extensions when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Type confusion

EUVDB-ID: #VU12580

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-6122

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion in V8 when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Security restrictions bypass

EUVDB-ID: #VU11988

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6115

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass SmartScreen in downloads and gain unauthorized access to the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Security restrictions bypass

EUVDB-ID: #VU13085

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6138

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to overly permissive policy in Extensions. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Security restrictions bypass

EUVDB-ID: #VU13086

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6139

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to restrictions bypass in the debugger extension API. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Security restrictions bypass

EUVDB-ID: #VU13087

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6140

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to restrictions bypass in the debugger extension API. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to perform further attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 7

chromium: before 67.0.3396.79-1.el7

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Heap-based buffer overflow

EUVDB-ID: #VU13088

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6141

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to heap-based buffer overflow in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds read

EUVDB-ID: #VU13089

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6142

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in V8, the JavaScript engine. A remote attacker can trick the victim into visiting a specially crafted website whose script triggers the out-of-bounds access and crashes the browser.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU13090

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6143

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in V8, the JavaScript engine. A remote attacker can trick the victim into visiting a specially crafted website whose script triggers the out-of-bounds access and crashes the browser.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU13092

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6144

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read in PDFium, the built-in PDF renderer. A remote attacker can trick the victim into opening a specially crafted PDF document (for example, served from a malicious website) that triggers the out-of-bounds read and discloses the contents of adjacent memory to the attacker.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Security restrictions bypass

EUVDB-ID: #VU13094

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6145

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect escaping of MathML content in Blink, the rendering engine. A remote attacker can trick the victim into visiting a specially crafted website and use the escaping flaw to bypass security restrictions and perform further attacks.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Information disclosure

EUVDB-ID: #VU13093

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6147

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because password fields in Views, Chromium's UI toolkit, do not take advantage of the OS protections available for such fields. A remote attacker can trick the victim into visiting a specially crafted website and gain access to potentially sensitive information, such as the contents of password fields.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

Fedora EPEL: 7

chromium: before 67.0.3396.79-1.el7

External links

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-656b24ec40

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
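Every entry in this bulletin carries the same mitigation and the same fixed build, so the one check worth automating on an EL7 host is whether the installed chromium package is still older than 67.0.3396.79-1.el7. The POSIX shell script below is an added example and is not part of the Fedora bulletin or of the bodhi update. It assumes the package carries no Epoch (the EPEL 7 chromium build names above have none) and uses a simplified rpmvercmp-style comparison that splits the version-release string on '.', '-' and '_' and compares numeric segments as integers and everything else as strings; for an exact RPM comparison use rpmdev-vercmp from rpmdevtools. The vercmp, is_vulnerable and check_host function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the Fedora bulletin): is the installed chromium on an
# EL7 host older than the fixed build from this bulletin?
# Assumptions: no Epoch on the package; simplified rpmvercmp (see seg/vercmp).

FIXED_VR="67.0.3396.79-1.el7"

# seg STRING N: print the N-th segment of STRING after splitting on . - _
# (prints nothing when N is past the last segment).
seg() {
    printf '%s\n' "$1" | tr '._-' '\n\n\n' | sed -n "${2}p"
}

# vercmp A B: print -1 if A < B, 0 if A == B, 1 if A > B.
# Numeric segments compare as integers (so 79 > 9); anything containing a
# non-digit (el7, rc1) compares as a string. A shorter string that is a prefix
# of the other is considered older, as rpm does.
vercmp() {
    i=1
    while :; do
        sa=$(seg "$1" "$i"); sb=$(seg "$2" "$i")
        if [ -z "$sa" ] && [ -z "$sb" ]; then echo 0; return; fi
        if [ -z "$sa" ]; then echo -1; return; fi
        if [ -z "$sb" ]; then echo 1; return; fi
        case "$sa$sb" in
            *[!0-9]*)
                if [ "$(expr "$sa" \< "$sb")" = 1 ]; then echo -1; return; fi
                if [ "$(expr "$sa" \> "$sb")" = 1 ]; then echo 1; return; fi ;;
            *)
                if [ "$sa" -lt "$sb" ]; then echo -1; return; fi
                if [ "$sa" -gt "$sb" ]; then echo 1; return; fi ;;
        esac
        i=$((i + 1))
    done
}

# is_vulnerable VR: succeed (exit 0) when VR sorts before the fixed build.
is_vulnerable() {
    [ "$(vercmp "$1" "$FIXED_VR")" = -1 ]
}

# check_host: read the installed version-release with rpm and report.
# Exit status: 0 patched, 1 vulnerable, 2 chromium not installed.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' chromium 2>/dev/null) || {
        echo "chromium is not installed"; return 2; }
    if is_vulnerable "$installed"; then
        echo "VULNERABLE: chromium $installed < $FIXED_VR (run: yum update chromium)"
        return 1
    fi
    echo "OK: chromium $installed >= $FIXED_VR"
}

# Run the live check only when invoked as: sh check_chromium.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

The comparison is deliberately kept in plain sh so it can run from a cron job or a configuration-management check on a minimal EL7 image; if rpmdevtools is installed, replace vercmp with rpmdev-vercmp to get rpm's exact ordering rules, including the separate treatment of version and release and of alphabetic versus numeric segments.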
