openSUSE-SU-2018:4143-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:4143-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2018:4143-1
- Related
- Published
- 2018-12-15T09:27:33Z
- Modified
- 2018-12-15T09:27:33Z
- Summary
- Security update for Chromium
- Details
-
This update to Chromium 71.0.3578.98 fixes the following issues:
Security issues fixed (boo#1118529):
- CVE-2018-17480: Out of bounds write in V8
- CVE-2018-17481: Use after frees in PDFium
- CVE-2018-18335: Heap buffer overflow in Skia
- CVE-2018-18336: Use after free in PDFium
- CVE-2018-18337: Use after free in Blink
- CVE-2018-18338: Heap buffer overflow in Canvas
- CVE-2018-18339: Use after free in WebAudio
- CVE-2018-18340: Use after free in MediaRecorder
- CVE-2018-18341: Heap buffer overflow in Blink
- CVE-2018-18342: Out of bounds write in V8
- CVE-2018-18343: Use after free in Skia
- CVE-2018-18344: Inappropriate implementation in Extensions
- Multiple issues in SQLite via WebSQL
- CVE-2018-18345: Inappropriate implementation in Site Isolation
- CVE-2018-18346: Incorrect security UI in Blink
- CVE-2018-18347: Inappropriate implementation in Navigation
- CVE-2018-18348: Inappropriate implementation in Omnibox
- CVE-2018-18349: Insufficient policy enforcement in Blink
- CVE-2018-18350: Insufficient policy enforcement in Blink
- CVE-2018-18351: Insufficient policy enforcement in Navigation
- CVE-2018-18352: Inappropriate implementation in Media
- CVE-2018-18353: Inappropriate implementation in Network Authentication
- CVE-2018-18354: Insufficient data validation in Shell Integration
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- CVE-2018-18356: Use after free in Skia
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- CVE-2018-18358: Insufficient policy enforcement in Proxy
- CVE-2018-18359: Out of bounds read in V8
- Inappropriate implementation in PDFium
- Use after free in Extensions
- Inappropriate implementation in Navigation
- Insufficient policy enforcement in Navigation
- Insufficient policy enforcement in URL Formatter
- Various fixes from internal audits, fuzzing and other initiatives
- CVE-2018-17481: Use after free in PDFium (boo#1119364)
The following changes are included:
- advertisements posing as error messages are now blocked
- Automatic playing of content at page load mostly disabled
- New JavaScript API for relative time display
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46
- https://bugzilla.suse.com/1118529
- https://bugzilla.suse.com/1119364
- https://www.suse.com/security/cve/CVE-2018-17480
- https://www.suse.com/security/cve/CVE-2018-17481
- https://www.suse.com/security/cve/CVE-2018-18335
- https://www.suse.com/security/cve/CVE-2018-18336
- https://www.suse.com/security/cve/CVE-2018-18337
- https://www.suse.com/security/cve/CVE-2018-18338
- https://www.suse.com/security/cve/CVE-2018-18339
- https://www.suse.com/security/cve/CVE-2018-18340
- https://www.suse.com/security/cve/CVE-2018-18341
- https://www.suse.com/security/cve/CVE-2018-18342
- https://www.suse.com/security/cve/CVE-2018-18343
- https://www.suse.com/security/cve/CVE-2018-18344
- https://www.suse.com/security/cve/CVE-2018-18345
- https://www.suse.com/security/cve/CVE-2018-18346
- https://www.suse.com/security/cve/CVE-2018-18347
- https://www.suse.com/security/cve/CVE-2018-18348
- https://www.suse.com/security/cve/CVE-2018-18349
- https://www.suse.com/security/cve/CVE-2018-18350
- https://www.suse.com/security/cve/CVE-2018-18351
- https://www.suse.com/security/cve/CVE-2018-18352
- https://www.suse.com/security/cve/CVE-2018-18353
- https://www.suse.com/security/cve/CVE-2018-18354
- https://www.suse.com/security/cve/CVE-2018-18355
- https://www.suse.com/security/cve/CVE-2018-18356
- https://www.suse.com/security/cve/CVE-2018-18357
- https://www.suse.com/security/cve/CVE-2018-18358
- https://www.suse.com/security/cve/CVE-2018-18359