First Last Prev Next    This bug is not in your last search results.
Bug 1090000 - VUL-0: chromium: multiple vulnerabilities fixed in 66.0.3359.117
VUL-0: chromium: multiple vulnerabilities fixed in 66.0.3359.117
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P3 - Medium : Major (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on: 1090046
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-18 08:36 UTC by Andreas Stieger
Modified: 2018-05-27 16:07 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2018-04-18 08:36:16 UTC 
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

CVE-2018-6085: Use after free in Disk Cache
CVE-2018-6086: Use after free in Disk Cache
CVE-2018-6087: Use after free in WebAssembly
CVE-2018-6088: Use after free in PDFium
CVE-2018-6089: Same origin policy bypass in Service Worker
CVE-2018-6090: Heap buffer overflow in Skia
CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
CVE-2018-6092: Integer overflow in WebAssembly
CVE-2018-6093: Same origin bypass in Service Worker
CVE-2018-6094: Exploit hardening regression in Oilpan
CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
CVE-2018-6096: Fullscreen UI spoof
CVE-2018-6097: Fullscreen UI spoof
CVE-2018-6098: URL spoof in Omnibox
CVE-2018-6099: CORS bypass in ServiceWorker
CVE-2018-6100: URL spoof in Omnibox
CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools 
CVE-2018-6102: URL spoof in Omnibox
CVE-2018-6103: UI spoof in Permissions
CVE-2018-6104: URL spoof in Omnibox
CVE-2018-6105: URL spoof in Omnibox
CVE-2018-6106: Incorrect handling of promises in V8
CVE-2018-6107: URL spoof in Omnibox
CVE-2018-6108: URL spoof in Omnibox
CVE-2018-6109: Incorrect handling of files by FileAPI
CVE-2018-6110: Incorrect handling of plaintext files via file:// 
CVE-2018-6111: Heap-use-after-free in DevTools
CVE-2018-6112: Incorrect URL handling in DevTools
CVE-2018-6113: URL spoof in Navigation
CVE-2018-6114: CSP bypass
CVE-2018-6115: SmartScreen bypass in downloads
CVE-2018-6116: Incorrect low memory handling in WebAssembly
CVE-2018-6117: Confusing autofill settings
Various fixes from internal audits, fuzzing and other initiatives

Not for us:
CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
Comment 1 Swamp Workflow Management 2018-04-18 10:50:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1090000) was mentioned in
https://build.opensuse.org/request/show/597734 Factory / chromium
https://build.opensuse.org/request/show/597736 42.3 / chromium
Comment 2 Swamp Workflow Management 2018-04-19 07:50:14 UTC 
This is an autogenerated message for OBS integration:
This bug (1090000) was mentioned in
https://build.opensuse.org/request/show/598021 42.3 / chromium
Comment 3 Andreas Stieger 2018-04-19 13:54:58 UTC 
This update also supports mitigation against the Spectre vulnerabilities:

"Strict site isolation" is disabled for most users and can be turned on via:
chrome://flags/#enable-site-per-process

This feature is undergoing a small percentage trial. Out out of the trial is possible via:
chrome://flags/#site-isolation-trial-opt-out
Comment 4 Swamp Workflow Management 2018-04-20 22:08:41 UTC 
openSUSE-SU-2018:1042-1: An update that fixes 33 vulnerabilities is now available.

Category: security (important)
Bug References: 1086199,1090000
CVE References: CVE-2018-6085,CVE-2018-6086,CVE-2018-6087,CVE-2018-6088,CVE-2018-6089,CVE-2018-6090,CVE-2018-6091,CVE-2018-6092,CVE-2018-6093,CVE-2018-6094,CVE-2018-6095,CVE-2018-6096,CVE-2018-6097,CVE-2018-6098,CVE-2018-6099,CVE-2018-6100,CVE-2018-6101,CVE-2018-6102,CVE-2018-6103,CVE-2018-6104,CVE-2018-6105,CVE-2018-6106,CVE-2018-6107,CVE-2018-6108,CVE-2018-6109,CVE-2018-6110,CVE-2018-6111,CVE-2018-6112,CVE-2018-6113,CVE-2018-6114,CVE-2018-6115,CVE-2018-6116,CVE-2018-6117
Sources used:
openSUSE Leap 42.3 (src):    chromium-66.0.3359.117-152.1
Comment 5 Andreas Stieger 2018-05-07 19:19:11 UTC 
good build for openSUSE:Backports:SLE-12-SP2 at this time after some tweaks in :Update. Closing as resolved.
Comment 6 Swamp Workflow Management 2018-05-09 13:08:08 UTC 
openSUSE-SU-2018:1175-1: An update that fixes 61 vulnerabilities is now available.

Category: security (important)
Bug References: 1084296,1086124,1090000,1091288
CVE References: CVE-2017-11215,CVE-2017-11225,CVE-2018-6057,CVE-2018-6060,CVE-2018-6061,CVE-2018-6062,CVE-2018-6063,CVE-2018-6064,CVE-2018-6065,CVE-2018-6066,CVE-2018-6067,CVE-2018-6068,CVE-2018-6069,CVE-2018-6070,CVE-2018-6071,CVE-2018-6072,CVE-2018-6073,CVE-2018-6074,CVE-2018-6075,CVE-2018-6076,CVE-2018-6077,CVE-2018-6078,CVE-2018-6079,CVE-2018-6080,CVE-2018-6081,CVE-2018-6082,CVE-2018-6083,CVE-2018-6085,CVE-2018-6086,CVE-2018-6087,CVE-2018-6088,CVE-2018-6089,CVE-2018-6090,CVE-2018-6091,CVE-2018-6092,CVE-2018-6093,CVE-2018-6094,CVE-2018-6095,CVE-2018-6096,CVE-2018-6097,CVE-2018-6098,CVE-2018-6099,CVE-2018-6100,CVE-2018-6101,CVE-2018-6102,CVE-2018-6103,CVE-2018-6104,CVE-2018-6105,CVE-2018-6106,CVE-2018-6107,CVE-2018-6108,CVE-2018-6109,CVE-2018-6110,CVE-2018-6111,CVE-2018-6112,CVE-2018-6113,CVE-2018-6114,CVE-2018-6115,CVE-2018-6116,CVE-2018-6117,CVE-2018-6118
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-66.0.3359.139-2.1
Comment 7 Swamp Workflow Management 2018-05-23 13:20:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1090000) was mentioned in
https://build.opensuse.org/request/show/611552 Backports:SLE-12-SP2 / chromium
Comment 8 Swamp Workflow Management 2018-05-23 16:10:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1090000) was mentioned in
https://build.opensuse.org/request/show/611716 Backports:SLE-12-SP2 / chromium
Comment 9 Swamp Workflow Management 2018-05-26 23:50:22 UTC 
This is an autogenerated message for OBS integration:
This bug (1090000) was mentioned in
https://build.opensuse.org/request/show/612434 Backports:SLE-12-SP2 / chromium
Comment 10 Swamp Workflow Management 2018-05-27 16:07:19 UTC 
openSUSE-SU-2018:1437-1: An update that fixes 64 vulnerabilities is now available.

Category: security (important)
Bug References: 1084296,1086124,1090000,1091288,1092272,1092923,1093031
CVE References: CVE-2017-11215,CVE-2017-11225,CVE-2018-6057,CVE-2018-6060,CVE-2018-6061,CVE-2018-6062,CVE-2018-6063,CVE-2018-6064,CVE-2018-6065,CVE-2018-6066,CVE-2018-6067,CVE-2018-6068,CVE-2018-6069,CVE-2018-6070,CVE-2018-6071,CVE-2018-6072,CVE-2018-6073,CVE-2018-6074,CVE-2018-6075,CVE-2018-6076,CVE-2018-6077,CVE-2018-6078,CVE-2018-6079,CVE-2018-6080,CVE-2018-6081,CVE-2018-6082,CVE-2018-6083,CVE-2018-6085,CVE-2018-6086,CVE-2018-6087,CVE-2018-6088,CVE-2018-6089,CVE-2018-6090,CVE-2018-6091,CVE-2018-6092,CVE-2018-6093,CVE-2018-6094,CVE-2018-6095,CVE-2018-6096,CVE-2018-6097,CVE-2018-6098,CVE-2018-6099,CVE-2018-6100,CVE-2018-6101,CVE-2018-6102,CVE-2018-6103,CVE-2018-6104,CVE-2018-6105,CVE-2018-6106,CVE-2018-6107,CVE-2018-6108,CVE-2018-6109,CVE-2018-6110,CVE-2018-6111,CVE-2018-6112,CVE-2018-6113,CVE-2018-6114,CVE-2018-6115,CVE-2018-6116,CVE-2018-6117,CVE-2018-6118,CVE-2018-6120,CVE-2018-6121,CVE-2018-6122
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-66.0.3359.181-55.1
First Last Prev Next    This bug is not in your last search results.