OPENSUSE-SU-2018:4143-1
Vulnerability Summary
Timeline
Description
Security update for Chromium This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed (boo#1118529): - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Use after free in Blink - CVE-2018-18338: Heap buffer overflow in Canvas - CVE-2018-18339: Use after free in WebAudio - CVE-2018-18340: Use after free in MediaRecorder - CVE-2018-18341: Heap buffer overflow in Blink - CVE-2018-18342: Out of bounds write in V8 - CVE-2018-18343: Use after free in Skia - CVE-2018-18344: Inappropriate implementation in Extensions - Multiple issues in SQLite via WebSQL - CVE-2018-18345: Inappropriate implementation in Site Isolation - CVE-2018-18346: Incorrect security UI in Blink - CVE-2018-18347: Inappropriate implementation in Navigation - CVE-2018-18348: Inappropriate implementation in Omnibox - CVE-2018-18349: Insufficient policy enforcement in Blink - CVE-2018-18350: Insufficient policy enforcement in Blink - CVE-2018-18351: Insufficient policy enforcement in Navigation - CVE-2018-18352: Inappropriate implementation in Media - CVE-2018-18353: Inappropriate implementation in Network Authentication - CVE-2018-18354: Insufficient data validation in Shell Integration - CVE-2018-18355: Insufficient policy enforcement in URL Formatter - CVE-2018-18356: Use after free in Skia - CVE-2018-18357: Insufficient policy enforcement in URL Formatter - CVE-2018-18358: Insufficient policy enforcement in Proxy - CVE-2018-18359: Out of bounds read in V8 - Inappropriate implementation in PDFium - Use after free in Extensions - Inappropriate implementation in Navigation - Insufficient policy enforcement in Navigation - Insufficient policy enforcement in URL Formatter - Various fixes from internal audits, fuzzing and other initiatives - CVE-2018-17481: Use after free in PDFium (boo#1119364) The following changes are included: - advertisements posing as error messages are now blocked - Automatic playing of content at page load mostly disabled - New JavaScript API for relative time display
Affected Systems
- suse•chromium&distro=SUSE Package Hub 12 SP2
< 71.0.3578.98-80.1
References (30)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46
- https://bugzilla.suse.com/1118529
- https://bugzilla.suse.com/1119364
- https://www.suse.com/security/cve/CVE-2018-17480
- https://www.suse.com/security/cve/CVE-2018-17481
- https://www.suse.com/security/cve/CVE-2018-18335
- https://www.suse.com/security/cve/CVE-2018-18336
- https://www.suse.com/security/cve/CVE-2018-18337
- https://www.suse.com/security/cve/CVE-2018-18338
- https://www.suse.com/security/cve/CVE-2018-18339
- https://www.suse.com/security/cve/CVE-2018-18340
- https://www.suse.com/security/cve/CVE-2018-18341
- https://www.suse.com/security/cve/CVE-2018-18342
- https://www.suse.com/security/cve/CVE-2018-18343
- https://www.suse.com/security/cve/CVE-2018-18344
- https://www.suse.com/security/cve/CVE-2018-18345
- https://www.suse.com/security/cve/CVE-2018-18346
- https://www.suse.com/security/cve/CVE-2018-18347
- https://www.suse.com/security/cve/CVE-2018-18348
- https://www.suse.com/security/cve/CVE-2018-18349
- https://www.suse.com/security/cve/CVE-2018-18350
- https://www.suse.com/security/cve/CVE-2018-18351
- https://www.suse.com/security/cve/CVE-2018-18352
- https://www.suse.com/security/cve/CVE-2018-18353
- https://www.suse.com/security/cve/CVE-2018-18354
- https://www.suse.com/security/cve/CVE-2018-18355
- https://www.suse.com/security/cve/CVE-2018-18356
- https://www.suse.com/security/cve/CVE-2018-18357
- https://www.suse.com/security/cve/CVE-2018-18358
- https://www.suse.com/security/cve/CVE-2018-18359