openSUSE-SU-2018:4143-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:4143-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2018:4143-1
Related
Published
2018-12-15T09:27:33Z
Modified
2018-12-15T09:27:33Z
Summary
Security update for Chromium
Details

This update to Chromium 71.0.3578.98 fixes the following issues:

Security issues fixed (boo#1118529):

  • CVE-2018-17480: Out of bounds write in V8
  • CVE-2018-17481: Use after frees in PDFium
  • CVE-2018-18335: Heap buffer overflow in Skia
  • CVE-2018-18336: Use after free in PDFium
  • CVE-2018-18337: Use after free in Blink
  • CVE-2018-18338: Heap buffer overflow in Canvas
  • CVE-2018-18339: Use after free in WebAudio
  • CVE-2018-18340: Use after free in MediaRecorder
  • CVE-2018-18341: Heap buffer overflow in Blink
  • CVE-2018-18342: Out of bounds write in V8
  • CVE-2018-18343: Use after free in Skia
  • CVE-2018-18344: Inappropriate implementation in Extensions
  • Multiple issues in SQLite via WebSQL
  • CVE-2018-18345: Inappropriate implementation in Site Isolation
  • CVE-2018-18346: Incorrect security UI in Blink
  • CVE-2018-18347: Inappropriate implementation in Navigation
  • CVE-2018-18348: Inappropriate implementation in Omnibox
  • CVE-2018-18349: Insufficient policy enforcement in Blink
  • CVE-2018-18350: Insufficient policy enforcement in Blink
  • CVE-2018-18351: Insufficient policy enforcement in Navigation
  • CVE-2018-18352: Inappropriate implementation in Media
  • CVE-2018-18353: Inappropriate implementation in Network Authentication
  • CVE-2018-18354: Insufficient data validation in Shell Integration
  • CVE-2018-18355: Insufficient policy enforcement in URL Formatter
  • CVE-2018-18356: Use after free in Skia
  • CVE-2018-18357: Insufficient policy enforcement in URL Formatter
  • CVE-2018-18358: Insufficient policy enforcement in Proxy
  • CVE-2018-18359: Out of bounds read in V8
  • Inappropriate implementation in PDFium
  • Use after free in Extensions
  • Inappropriate implementation in Navigation
  • Insufficient policy enforcement in Navigation
  • Insufficient policy enforcement in URL Formatter
  • Various fixes from internal audits, fuzzing and other initiatives
  • CVE-2018-17481: Use after free in PDFium (boo#1119364)

The following changes are included:

  • advertisements posing as error messages are now blocked
  • Automatic playing of content at page load mostly disabled
  • New JavaScript API for relative time display
References

Affected packages

SUSE:Package Hub 12 SP2 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
71.0.3578.98-80.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "71.0.3578.98-80.1",
            "chromium": "71.0.3578.98-80.1"
        }
    ]
}