Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3835-1 Final 1 1 2018-11-20T18:13:21Z current 2018-11-20T18:13:21Z 2018-11-20T18:13:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update contains Chromium 70.0.3538.102 and fixes security issues and bugs. Vulnerabilities fixed in 70.0.3538.102: - CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537) Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111): - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox - CVE-2018-17465: Use after free in V8 - CVE-2018-17466: Memory corruption in Angle - CVE-2018-17467: URL spoof in Omnibox - CVE-2018-17468: Cross-origin URL disclosure in Blink - CVE-2018-17469: Heap buffer overflow in PDFium - CVE-2018-17470: Memory corruption in GPU Internals - CVE-2018-17471: Security UI occlusion in full screen mode - CVE-2018-17473: URL spoof in Omnibox - CVE-2018-17474: Use after free in Blink - CVE-2018-17475: URL spoof in Omnibox - CVE-2018-17476: Security UI occlusion in full screen mode - CVE-2018-5179: Lack of limits on update() in ServiceWorker - CVE-2018-17477: UI spoof in Extensions This update contains the following packaging changes: - VAAPI hardware accelerated rendering is now enabled by default. - Use the system libusb-1.0 library - Use bundled harfbuzz library - Disable gnome-keyring to avoid crashes - noto-emoji-fonts is no longer a recommended dependency The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2018-1436 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I E-Mail link for openSUSE-SU-2018:3835-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1115537 SUSE Bug 1115537 https://www.suse.com/security/cve/CVE-2018-17462/ SUSE CVE CVE-2018-17462 page https://www.suse.com/security/cve/CVE-2018-17463/ SUSE CVE CVE-2018-17463 page https://www.suse.com/security/cve/CVE-2018-17464/ SUSE CVE CVE-2018-17464 page https://www.suse.com/security/cve/CVE-2018-17465/ SUSE CVE CVE-2018-17465 page https://www.suse.com/security/cve/CVE-2018-17466/ SUSE CVE CVE-2018-17466 page https://www.suse.com/security/cve/CVE-2018-17467/ SUSE CVE CVE-2018-17467 page https://www.suse.com/security/cve/CVE-2018-17468/ SUSE CVE CVE-2018-17468 page https://www.suse.com/security/cve/CVE-2018-17469/ SUSE CVE CVE-2018-17469 page https://www.suse.com/security/cve/CVE-2018-17470/ SUSE CVE CVE-2018-17470 page https://www.suse.com/security/cve/CVE-2018-17471/ SUSE CVE CVE-2018-17471 page https://www.suse.com/security/cve/CVE-2018-17472/ SUSE CVE CVE-2018-17472 page https://www.suse.com/security/cve/CVE-2018-17473/ SUSE CVE CVE-2018-17473 page https://www.suse.com/security/cve/CVE-2018-17474/ SUSE CVE CVE-2018-17474 page https://www.suse.com/security/cve/CVE-2018-17475/ SUSE CVE CVE-2018-17475 page https://www.suse.com/security/cve/CVE-2018-17476/ SUSE CVE CVE-2018-17476 page https://www.suse.com/security/cve/CVE-2018-17477/ SUSE CVE CVE-2018-17477 page https://www.suse.com/security/cve/CVE-2018-17478/ SUSE CVE CVE-2018-17478 page https://www.suse.com/security/cve/CVE-2018-5179/ SUSE CVE CVE-2018-5179 page SUSE Package Hub 12 SP2 chromedriver-70.0.3538.102-74.1 chromium-70.0.3538.102-74.1 chromedriver-70.0.3538.102-74.1 as a component of SUSE Package Hub 12 SP2 chromium-70.0.3538.102-74.1 as a component of SUSE Package Hub 12 SP2 Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. CVE-2018-17462 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17462.html CVE-2018-17462 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-17463 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17463.html CVE-2018-17463 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17464 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17464.html CVE-2018-17464 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-17465 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17465.html CVE-2018-17465 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-17466 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17466.html CVE-2018-17466 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17467 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17467.html CVE-2018-17467 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. CVE-2018-17468 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17468.html CVE-2018-17468 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2018-17469 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17469.html CVE-2018-17469 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2018-17470 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17470.html CVE-2018-17470 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17471 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17471.html CVE-2018-17471 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. CVE-2018-17472 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17472.html CVE-2018-17472 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-17473 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17473.html CVE-2018-17473 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-17474 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17474.html CVE-2018-17474 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17475 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17475.html CVE-2018-17475 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17476 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17476.html CVE-2018-17476 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. CVE-2018-17477 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17477.html CVE-2018-17477 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-17478 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-17478.html CVE-2018-17478 https://bugzilla.suse.com/1115537 SUSE Bug 1115537 A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. CVE-2018-5179 SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1 SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I https://www.suse.com/security/cve/CVE-2018-5179.html CVE-2018-5179 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105