Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0704-1 Final 1 1 2018-03-16T07:49:58Z current 2018-03-16T07:49:58Z 2018-03-16T07:49:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update for Chromium to version 65.0.3325.162 fixes the following issues: - CVE-2017-11215: Use after free in Flash - CVE-2017-11225: Use after free in Flash - CVE-2018-6060: Use after free in Blink - CVE-2018-6061: Race condition in V8 - CVE-2018-6062: Heap buffer overflow in Skia - CVE-2018-6057: Incorrect permissions on shared memory - CVE-2018-6063: Incorrect permissions on shared memory - CVE-2018-6064: Type confusion in V8 - CVE-2018-6065: Integer overflow in V8 - CVE-2018-6066: Same Origin Bypass via canvas - CVE-2018-6067: Buffer overflow in Skia - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab - CVE-2018-6069: Stack buffer overflow in Skia - CVE-2018-6070: CSP bypass through extensions - CVE-2018-6071: Heap bufffer overflow in Skia - CVE-2018-6072: Integer overflow in PDFium - CVE-2018-6073: Heap bufffer overflow in WebGL - CVE-2018-6074: Mark-of-the-Web bypass - CVE-2018-6075: Overly permissive cross origin downloads - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink - CVE-2018-6077: Timing attack using SVG filters - CVE-2018-6078: URL Spoof in OmniBox - CVE-2018-6079: Information disclosure via texture data in WebGL - CVE-2018-6080: Information disclosure in IPC call - CVE-2018-6081: XSS in interstitials - CVE-2018-6082: Circumvention of port blocking - CVE-2018-6083: Incorrect processing of AppManifests The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html E-Mail link for openSUSE-SU-2018:0704-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 chromedriver-65.0.3325.162-146.1 chromium-65.0.3325.162-146.1 chromedriver-65.0.3325.162-146.1 as a component of openSUSE Leap 42.3 chromium-65.0.3325.162-146.1 as a component of openSUSE Leap 42.3 An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. CVE-2017-11215 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2017-11215.html CVE-2017-11215 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. CVE-2017-11225 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2017-11225.html CVE-2017-11225 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. CVE-2018-6057 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6057.html CVE-2018-6057 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6060 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6060.html CVE-2018-6060 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6061 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6061.html CVE-2018-6061 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6062 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6062.html CVE-2018-6062 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6063 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6063.html CVE-2018-6063 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6064 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6064.html CVE-2018-6064 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6065 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6065.html CVE-2018-6065 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6066 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6066.html CVE-2018-6066 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6067 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6067.html CVE-2018-6067 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6068 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6068.html CVE-2018-6068 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6069 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6069.html CVE-2018-6069 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. CVE-2018-6070 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6070.html CVE-2018-6070 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6071 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6071.html CVE-2018-6071 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-6072 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6072.html CVE-2018-6072 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6073 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6073.html CVE-2018-6073 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. CVE-2018-6074 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6074.html CVE-2018-6074 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. CVE-2018-6075 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6075.html CVE-2018-6075 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. CVE-2018-6076 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6076.html CVE-2018-6076 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6077 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6077.html CVE-2018-6077 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-6078 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6078.html CVE-2018-6078 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6079 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6079.html CVE-2018-6079 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . CVE-2018-6080 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6080.html CVE-2018-6080 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. CVE-2018-6081 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6081.html CVE-2018-6081 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. CVE-2018-6082 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6082.html CVE-2018-6082 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. CVE-2018-6083 openSUSE Leap 42.3:chromedriver-65.0.3325.162-146.1 openSUSE Leap 42.3:chromium-65.0.3325.162-146.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00042.html https://www.suse.com/security/cve/CVE-2018-6083.html CVE-2018-6083 https://bugzilla.suse.com/1084296 SUSE Bug 1084296