openSUSE-SU-2018:3835-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:3835-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2018:3835-1
Related
  • CVE-2018-17462
  • CVE-2018-17463
  • CVE-2018-17464
  • CVE-2018-17465
  • CVE-2018-17466
  • CVE-2018-17467
  • CVE-2018-17468
  • CVE-2018-17469
  • CVE-2018-17470
  • CVE-2018-17471
  • CVE-2018-17472
  • CVE-2018-17473
  • CVE-2018-17474
  • CVE-2018-17475
  • CVE-2018-17476
  • CVE-2018-17477
  • CVE-2018-17478
  • CVE-2018-5179
Published
2018-11-20T18:13:21Z
Modified
2018-11-20T18:13:21Z
Summary
Security update for chromium
Details

This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.

Vulnerabilities fixed in 70.0.3538.102:

  • CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)

Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111):

  • CVE-2018-17462: Sandbox escape in AppCache
  • CVE-2018-17463: Remote code execution in V8
  • Heap buffer overflow in Little CMS in PDFium
  • CVE-2018-17464: URL spoof in Omnibox
  • CVE-2018-17465: Use after free in V8
  • CVE-2018-17466: Memory corruption in Angle
  • CVE-2018-17467: URL spoof in Omnibox
  • CVE-2018-17468: Cross-origin URL disclosure in Blink
  • CVE-2018-17469: Heap buffer overflow in PDFium
  • CVE-2018-17470: Memory corruption in GPU Internals
  • CVE-2018-17471: Security UI occlusion in full screen mode
  • CVE-2018-17473: URL spoof in Omnibox
  • CVE-2018-17474: Use after free in Blink
  • CVE-2018-17475: URL spoof in Omnibox
  • CVE-2018-17476: Security UI occlusion in full screen mode
  • CVE-2018-5179: Lack of limits on update() in ServiceWorker
  • CVE-2018-17477: UI spoof in Extensions

This update contains the following packaging changes:

  • VAAPI hardware accelerated rendering is now enabled by default.
  • Use the system libusb-1.0 library
  • Use bundled harfbuzz library
  • Disable gnome-keyring to avoid crashes
  • noto-emoji-fonts is no longer a recommended dependency
References

Affected packages

SUSE:Package Hub 12 SP2 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
70.0.3538.102-74.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "70.0.3538.102-74.1",
            "chromium": "70.0.3538.102-74.1"
        }
    ]
}