Update Info

openSUSE-2018-436


Security update for Chromium


Type: security
Severity: important
Issued: 2018-05-27
Description:
This update for Chromium to version 66.0.3359.181 fixes the following issues:

- CVE-2018-6118: Use after free in Media Cache (bsc#1091288)
- CVE-2018-6085: Use after free in Disk Cache
- CVE-2018-6086: Use after free in Disk Cache
- CVE-2018-6087: Use after free in WebAssembly
- CVE-2018-6088: Use after free in PDFium
- CVE-2018-6089: Same origin policy bypass in Service Worker
- CVE-2018-6090: Heap buffer overflow in Skia
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- CVE-2018-6092: Integer overflow in WebAssembly
- CVE-2018-6093: Same origin bypass in Service Worker
- CVE-2018-6094: Exploit hardening regression in Oilpan
- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- CVE-2018-6096: Fullscreen UI spoof
- CVE-2018-6097: Fullscreen UI spoof
- CVE-2018-6098: URL spoof in Omnibox
- CVE-2018-6099: CORS bypass in ServiceWorker
- CVE-2018-6100: URL spoof in Omnibox
- CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools 
- CVE-2018-6102: URL spoof in Omnibox
- CVE-2018-6103: UI spoof in Permissions
- CVE-2018-6104: URL spoof in Omnibox
- CVE-2018-6105: URL spoof in Omnibox
- CVE-2018-6106: Incorrect handling of promises in V8
- CVE-2018-6107: URL spoof in Omnibox
- CVE-2018-6108: URL spoof in Omnibox
- CVE-2018-6109: Incorrect handling of files by FileAPI
- CVE-2018-6110: Incorrect handling of plaintext files via file:// 
- CVE-2018-6111: Heap-use-after-free in DevTools
- CVE-2018-6112: Incorrect URL handling in DevTools
- CVE-2018-6113: URL spoof in Navigation
- CVE-2018-6114: CSP bypass
- CVE-2018-6115: SmartScreen bypass in downloads
- CVE-2018-6116: Incorrect low memory handling in WebAssembly
- CVE-2018-6117: Confusing autofill settings
- CVE-2017-11215: Use after free in Flash
- CVE-2017-11225: Use after free in Flash
- CVE-2018-6060: Use after free in Blink
- CVE-2018-6061: Race condition in V8
- CVE-2018-6062: Heap buffer overflow in Skia
- CVE-2018-6057: Incorrect permissions on shared memory
- CVE-2018-6063: Incorrect permissions on shared memory
- CVE-2018-6064: Type confusion in V8
- CVE-2018-6065: Integer overflow in V8
- CVE-2018-6066: Same Origin Bypass via canvas
- CVE-2018-6067: Buffer overflow in Skia
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- CVE-2018-6069: Stack buffer overflow in Skia
- CVE-2018-6070: CSP bypass through extensions
- CVE-2018-6071: Heap bufffer overflow in Skia
- CVE-2018-6072: Integer overflow in PDFium
- CVE-2018-6073: Heap bufffer overflow in WebGL
- CVE-2018-6074: Mark-of-the-Web bypass
- CVE-2018-6075: Overly permissive cross origin downloads
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- CVE-2018-6077: Timing attack using SVG filters
- CVE-2018-6078: URL Spoof in OmniBox
- CVE-2018-6079: Information disclosure via texture data in WebGL
- CVE-2018-6080: Information disclosure in IPC call
- CVE-2018-6081: XSS in interstitials
- CVE-2018-6082: Circumvention of port blocking
- CVE-2018-6083: Incorrect processing of AppManifests
- CVE-2018-6121: Privilege Escalation in extensions
- CVE-2018-6122: Type confusion in V8
- CVE-2018-6120: Heap buffer overflow in PDFium    
- bsc#1086124: Various fixes from internal audits, fuzzing and other initiatives

This update also supports mitigation against the Spectre vulnerabilities:

"Strict site isolation" is disabled for most users and can be turned on via:
chrome://flags/#enable-site-per-process

This feature is undergoing a small percentage trial. Out out of the trial is possible via:
chrome://flags/#site-isolation-trial-opt-out

    
The following tracked packaging bug were fixed:

- Chromium could not be installed from SUSE PackageHub 12 without having the SDK enabled (bsc#1070421)
- Chromium could not be installed when libminizip1 was not available (bsc#1093031)


              

References


Packages


  • chromium-66.0.3359.181-55.1