Chromium-browser Security Stretch 68.0.3440.75-1~deb9u1 Resolves 28 Vulnerabilities

According to a security bulletin released on the Debian website, 28 vulnerabilities registered as CVEs with MITRE have been discovered in the chromium web browser (package: chromium-browser) running on the Debian operating system.

CVE-2018-4117 exposes the system to information leak.
CVE-2018-6044 allows attackers to elevate permissions using extensions.
CVE-2018-6153 causes buffer overflow in the skia library.
CVE-2018-6154 causes buffer overflow in the WebGL implementation.
CVE-2018-6155 causes a use-after-free issue in the WebRTC implementation.
CVE-2018-6156 causes a buffer overflow in the WebRTC implementation.
CVE-2018-6157 causes type confusion in the WebRTC implementation.
CVE-2018-6158 causes a generic use-after-free issue.
CVE-2018-6159 allows attackers to bypass origin policy.
CVE-2018-6161 allows attackers to bypass origin policy.
CVE-2018-6162 causes buffer overflow in the WebGL implementation.
CVE-2018-6163 causes a URL spoofing issue.
CVE-2018-6164 allows attackers to bypass origin policy.
CVE-2018-6165 causes a URL spoofing issue.
CVE-2018-6166 causes a URL spoofing issue.
CVE-2018-6167 causes a URL spoofing issue.
CVE-2018-6168 allows attackers to bypass the Cross Origin Resource Sharing policy.
CVE-2018-6169 allows attackers to bypass permissions when installing extensions.
CVE-2018-6170 causes type confusion in the pdfium library.
CVE-2018-6171 causes a use-after-free issue in the WebBluetooth implementation.
CVE-2018-6172 causes a URL spoofing issue.
CVE-2018-6173 causes a URL spoofing issue.
CVE-2018-6174 causes integer overflow in the swiftshader library.
CVE-2018-6175 causes a URL spoofing issue.
CVE-2018-6176 allows attackers to elevate permissions using extensions.
CVE-2018-6177 causes an information leak.
CVE-2018-6178 causes a user interface spoofing issue.
CVE-2018-6179 allows local file information to be leaked to extensions.

The above vulnerabilities have been addressed and resolved in version 68.0.3440.75-1~deb9u1 of the chromium web browser package for the stable distribution (stretch). Users are requested to update their chromium-browser packages accordingly. This stretch security release also resolves a regression from the previous security update that prevented decoding of audio/video codecs. The status of the Debian chromium-browser package vulnerabilities can be tracked through Debian's security tracker, which shows whether the vulnerabilities have been resolved in jessie, stretch, buster, and sid.
