Chromium-browser Security Stretch 68.0.3440.75-1~deb9u1 Resolves 28 Vulnerabilities

According to a security bulletin released on the Debian website, 28 vulnerabilities registered as CVEs with MITRE have been discovered in the chromium web browser (package: chromium-browser) running on the Debian operating system.

CVE-2018-4117 exposes the system to information leak.
CVE-2018-6044 allows attackers to elevate permissions using extensions.
CVE-2018-6153 causes a buffer overflow in the skia library.
CVE-2018-6154 causes a buffer overflow in the WebGL implementation.
CVE-2018-6155 causes a use-after-free issue in the WebRTC implementation.
CVE-2018-6156 causes a buffer overflow in the WebRTC implementation.
CVE-2018-6157 causes type confusion in the WebRTC implementation.
CVE-2018-6158 causes a generic use-after-free issue.
CVE-2018-6159 allows attackers to bypass origin policy.
CVE-2018-6161 allows attackers to bypass origin policy.
CVE-2018-6162 causes a buffer overflow in the WebGL implementation.
CVE-2018-6163 causes a URL spoofing issue.
CVE-2018-6164 allows attackers to bypass origin policy.
CVE-2018-6165 causes a URL spoofing issue.
CVE-2018-6166 causes a URL spoofing issue.
CVE-2018-6167 causes a URL spoofing issue.
CVE-2018-6168 allows attackers to bypass the Cross Origin Resource Sharing policy.
CVE-2018-6169 allows attackers to bypass permissions when installing extensions.
CVE-2018-6170 causes type confusion in the pdfium library.
CVE-2018-6171 causes a use-after-free issue in the WebBluetooth implementation.
CVE-2018-6172 causes a URL spoofing issue.
CVE-2018-6173 causes a URL spoofing issue.
CVE-2018-6174 causes an integer overflow in the swiftshader library.
CVE-2018-6175 causes a URL spoofing issue.
CVE-2018-6176 allows attackers to elevate permissions using extensions.
CVE-2018-6177 causes an information leak.
CVE-2018-6178 causes a user interface spoofing issue.
CVE-2018-6179 allows local file information to be leaked to extensions.

The above vulnerabilities have been resolved in version 68.0.3440.75-1~deb9u1 of the chromium web browser package for the stable distribution. Users are requested to update their chromium-browser packages accordingly. The stretch security release also resolves a regression from the previous security update that prevented decoding of audio/video codecs. The status of the Debian chromium-browser package vulnerabilities can be tracked through Debian’s security tracker, which shows whether each vulnerability has been resolved in jessie, stretch, buster, and sid.

Aaron Michael