Debian update for chromium-browser

Published: 2018-12-08 23:21:41
Severity: High
Patch available: YES
Number of vulnerabilities: 27
CVE ID: CVE-2018-17480
CVE-2018-17481
CVE-2018-18335
CVE-2018-18336
CVE-2018-18337
CVE-2018-18338
CVE-2018-18339
CVE-2018-18340
CVE-2018-18341
CVE-2018-18342
CVE-2018-18343
CVE-2018-18344
CVE-2018-18345
CVE-2018-18346
CVE-2018-18347
CVE-2018-18348
CVE-2018-18349
CVE-2018-18350
CVE-2018-18351
CVE-2018-18352
CVE-2018-18353
CVE-2018-18354
CVE-2018-18355
CVE-2018-18356
CVE-2018-18357
CVE-2018-18358
CVE-2018-18359
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-787
CWE-416
CWE-122
CWE-20
CWE-125
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: chromium-browser (Debian package)
Vulnerable software versions: chromium-browser (Debian package) 70.0.3538.110-1~deb9u1
chromium-browser (Debian package) 70.0.3538.110-1
chromium-browser (Debian package) 70.0.3538.102-1~deb9u1


Vendor URL: Debian

Security Advisory

1) Out-of-bounds write

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write in V8 when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

2) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

3) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

4) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

5) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

6) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in Canvas when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

7) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in WebAudio when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

8) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in MediaRecorder when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

9) Heap-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

10) Out-of-bounds write

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write in V8 when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

11) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

12) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an inappropriate implementation in Extensions when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

13) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an inappropriate implementation in Site when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

14) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to incorrect security UI in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

15) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an inappropriate implementation in Navigation when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

16) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an inappropriate implementation in Omnibox when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

17) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

18) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

19) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in Navigation when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

20) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an inappropriate implementation in Media when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

21) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an inappropriate implementation in Network when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

22) Improper input validation

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient data validation in Shell. A remote attacker can trick the victim into visiting a specially crafted website and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

23) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in URL Formatter when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

24) Use-after-free error

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a use-after-free error in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

25) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in URL Formatter when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

26) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient policy enforcement in Proxy when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions to conduct further attacks.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352

27) Out-of-bounds read

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the browser to crash.

Remediation

Update the affected package to version: 71.0.3578.80-1~deb9u1.

External links

https://www.debian.org/security/2018/dsa-4352
