SB2018112750 - Fedora 28 update for chromium
Published: November 27, 2018 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-17478)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds memory read in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds memory access and cause the service to crash.
2) Use-after-free error (CVE-ID: CVE-2018-17479)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in GPU when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Integer overflow (CVE-ID: CVE-2018-16435)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the AllocateDataSet function in cmscgats.c when handling malicious input. A remote unauthenticated attacker can supply a specially crafted file in the second argument to cmsIT8LoadFromFile, trigger heap-based buffer overflow in the SetData function and cause the service to crash or execute arbitrary code with elevated prvileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Sandbox escape (CVE-ID: CVE-2018-17462)
CWE-ID: CWE-265 - Privilege / Sandbox Issues
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to sandbox escape in AppCache. A remote attacker can trick the victim into visiting a specially crafted website, escape sandbox in AppCache and gain unauthorized access to the system to execute arbitrary code with elevated privileges.
Successful exploitation on the vulnerability may result in system compromise.
5) Type Confusion (CVE-ID: CVE-2018-17463)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing HTML content in Google Chromes JIT compiler. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) URL spoofing (CVE-ID: CVE-2018-17464)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to spoof URLs.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
7) Use-after-free error (CVE-ID: CVE-2018-17465)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation on the vulnerability may result in system compromise.
8) Memory corruption (CVE-ID: CVE-2018-17466)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation on the vulnerability may result in system compromise.
9) URL spoofing (CVE-ID: CVE-2018-17467)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to spoof URLs.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
10) Information disclosure (CVE-ID: CVE-2018-17468)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to cross-origin URL disclosure in Blink. A remote attacker can trick the victim into visiting a specially crafted website and disclose cross-origin URL.
11) Heap-based buffer overflow (CVE-ID: CVE-2018-17469)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to heap-based buffer overflow in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
12) Memory corruption (CVE-ID: CVE-2018-17470)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to boundary error in GPU Internals. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
13) Security restrictions bypass (CVE-ID: CVE-2018-17471)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to security UI occlusion in full screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
14) URL spoofing (CVE-ID: CVE-2018-17473)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to spoof URLs.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
15) Use-after-free error (CVE-ID: CVE-2018-17474)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.
16) URL spoofing (CVE-ID: CVE-2018-17475)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to spoof URLs.
The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.
17) Security restrictions bypass (CVE-ID: CVE-2018-17476)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to security UI occlusion in full screen mode. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
18) Security restrictions bypass (CVE-ID: CVE-2018-5179)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to lack of limits on update() in ServiceWorker. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
19) Spoofing attack (CVE-ID: CVE-2018-17477)
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and conduct UI spoofing attack.
20) Security restrictions bypass (CVE-ID: CVE-2018-17472)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to iframe sandbox escape on iOS. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.
Remediation
Install update from vendor's website.