English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704352
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 4352-1 (chromium-browser - security update)
Summary:Several vulnerabilities have been discovered in the chromium web browser.;;CVE-2018-17480;Guang Gong discovered an out-of-bounds write issue in the v8 javascript;library.;;CVE-2018-17481;Several use-after-free issues were discovered in the pdfium library.;;CVE-2018-18335;A buffer overflow issue was discovered in the skia library.;;CVE-2018-18336;Huyna discovered a use-after-free issue in the pdfium library.;;CVE-2018-18337;cloudfuzzer discovered a use-after-free issue in blink/webkit.;;CVE-2018-18338;Zhe Jin discovered a buffer overflow issue in the canvas renderer.;;CVE-2018-18339;cloudfuzzer discovered a use-after-free issue in the WebAudio;implementation.;;CVE-2018-18340;A use-after-free issue was discovered in the MediaRecorder implementation.;;CVE-2018-18341;cloudfuzzer discovered a buffer overflow issue in blink/webkit.;;CVE-2018-18342;Guang Gong discovered an out-of-bounds write issue in the v8 javascript;library.;;CVE-2018-18343;Tran Tien Hung discovered a use-after-free issue in the skia library.;;CVE-2018-18344;Jann Horn discovered an error in the Extensions implementation.;;CVE-2018-18345;Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation;feature.;;CVE-2018-18346;Luan Herrera discovered an error in the user interface.;;CVE-2018-18347;Luan Herrera discovered an error in the Navigation implementation.;;CVE-2018-18348;Ahmed Elsobky discovered an error in the omnibox implementation.;;CVE-2018-18349;David Erceg discovered a policy enforcement error.;;CVE-2018-18350;Jun Kokatsu discovered a policy enforcement error.;;CVE-2018-18351;Jun Kokatsu discovered a policy enforcement error.;;CVE-2018-18352;Jun Kokatsu discovered an error in Media handling.;;CVE-2018-18353;Wenxu Wu discovered an error in the network authentication implementation.;;CVE-2018-18354;Wenxu Wu discovered an error related to integration with GNOME Shell.;;CVE-2018-18355;evil1m0 discovered a policy enforcement error.;;CVE-2018-18356;Tran Tien Hung discovered a use-after-free issue in the skia library.;;CVE-2018-18357;evil1m0 discovered a policy enforcement error.;;CVE-2018-18358;Jann Horn discovered a policy enforcement error.;;CVE-2018-18359;cyrilliu discovered an out-of-bounds read issue in the v8 javascript;library.;;Several additional security relevant issues are also fixed in this update;that have not yet received CVE identifiers.
Description:Summary:
Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480
Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.

CVE-2018-17481
Several use-after-free issues were discovered in the pdfium library.

CVE-2018-18335
A buffer overflow issue was discovered in the skia library.

CVE-2018-18336
Huyna discovered a use-after-free issue in the pdfium library.

CVE-2018-18337
cloudfuzzer discovered a use-after-free issue in blink/webkit.

CVE-2018-18338
Zhe Jin discovered a buffer overflow issue in the canvas renderer.

CVE-2018-18339
cloudfuzzer discovered a use-after-free issue in the WebAudio
implementation.

CVE-2018-18340
A use-after-free issue was discovered in the MediaRecorder implementation.

CVE-2018-18341
cloudfuzzer discovered a buffer overflow issue in blink/webkit.

CVE-2018-18342
Guang Gong discovered an out-of-bounds write issue in the v8 javascript
library.

CVE-2018-18343
Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18344
Jann Horn discovered an error in the Extensions implementation.

CVE-2018-18345
Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation
feature.

CVE-2018-18346
Luan Herrera discovered an error in the user interface.

CVE-2018-18347
Luan Herrera discovered an error in the Navigation implementation.

CVE-2018-18348
Ahmed Elsobky discovered an error in the omnibox implementation.

CVE-2018-18349
David Erceg discovered a policy enforcement error.

CVE-2018-18350
Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18351
Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18352
Jun Kokatsu discovered an error in Media handling.

CVE-2018-18353
Wenxu Wu discovered an error in the network authentication implementation.

CVE-2018-18354
Wenxu Wu discovered an error related to integration with GNOME Shell.

CVE-2018-18355
evil1m0 discovered a policy enforcement error.

CVE-2018-18356
Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18357
evil1m0 discovered a policy enforcement error.

CVE-2018-18358
Jann Horn discovered a policy enforcement error.

CVE-2018-18359
cyrilliu discovered an out-of-bounds read issue in the v8 javascript
library.

Several additional security relevant issues are also fixed in this update
that have not yet received CVE identifiers.

Affected Software/OS:
chromium-browser on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 71.0.3578.80-1~
deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page linked in the references.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-17480
Common Vulnerability Exposure (CVE) ID: CVE-2018-17481
Common Vulnerability Exposure (CVE) ID: CVE-2018-18335
Common Vulnerability Exposure (CVE) ID: CVE-2018-18336
Common Vulnerability Exposure (CVE) ID: CVE-2018-18337
Common Vulnerability Exposure (CVE) ID: CVE-2018-18338
Common Vulnerability Exposure (CVE) ID: CVE-2018-18339
Common Vulnerability Exposure (CVE) ID: CVE-2018-18340
Common Vulnerability Exposure (CVE) ID: CVE-2018-18341
Common Vulnerability Exposure (CVE) ID: CVE-2018-18342
Common Vulnerability Exposure (CVE) ID: CVE-2018-18343
Common Vulnerability Exposure (CVE) ID: CVE-2018-18344
Common Vulnerability Exposure (CVE) ID: CVE-2018-18345
Common Vulnerability Exposure (CVE) ID: CVE-2018-18346
Common Vulnerability Exposure (CVE) ID: CVE-2018-18347
Common Vulnerability Exposure (CVE) ID: CVE-2018-18348
Common Vulnerability Exposure (CVE) ID: CVE-2018-18349
Common Vulnerability Exposure (CVE) ID: CVE-2018-18350
Common Vulnerability Exposure (CVE) ID: CVE-2018-18351
Common Vulnerability Exposure (CVE) ID: CVE-2018-18352
Common Vulnerability Exposure (CVE) ID: CVE-2018-18353
Common Vulnerability Exposure (CVE) ID: CVE-2018-18354
Common Vulnerability Exposure (CVE) ID: CVE-2018-18355
Common Vulnerability Exposure (CVE) ID: CVE-2018-18356
Common Vulnerability Exposure (CVE) ID: CVE-2018-18357
Common Vulnerability Exposure (CVE) ID: CVE-2018-18358
Common Vulnerability Exposure (CVE) ID: CVE-2018-18359
CopyrightCopyright (c) 2018 Greenbone Networks GmbH http://greenbone.net

This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.