Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 4237-1 (chromium-browser - security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6118 Ned Williamson discovered a use-after-free issue. CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. CVE-2018-6121 It was discovered that malicious extensions could escalate privileges. CVE-2018-6122 A type confusion issue was discovered in the v8 javascript library. CVE-2018-6123 Looben Yang discovered a use-after-free issue. CVE-2018-6124 Guang Gong discovered a type confusion issue. CVE-2018-6125 Yubico discovered that the WebUSB implementation was too permissive. CVE-2018-6126 Ivan Fratric discovered a buffer overflow issue in the skia library. CVE-2018-6127 Looben Yang discovered a use-after-free issue. CVE-2018-6129 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC. CVE-2018-6130 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC. CVE-2018-6131 Natalie Silvanovich discovered an error in WebAssembly. CVE-2018-6132 Ronald E. Crane discovered an uninitialized memory issue. CVE-2018-6133 Khalil Zhani discovered a URL spoofing issue. CVE-2018-6134 Jun Kokatsu discovered a way to bypass the Referrer Policy. CVE-2018-6135 Jasper Rebane discovered a user interface spoofing issue. CVE-2018-6136 Peter Wong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2018-6137 Michael Smith discovered an information leak. CVE-2018-6138 François Lajeunesse-Robert discovered that the extensions policy was too permissive. CVE-2018-6139 Rob Wu discovered a way to bypass restrictions in the debugger extension. CVE-2018-6140 Rob Wu discovered a way to bypass restrictions in the debugger extension. CVE-2018-6141 Yangkang discovered a buffer overflow issue in the skia library. CVE-2018-6142 Choongwoo Han discovered an out-of-bounds read in the v8 javascript library. CVE-2018-6143 Guang Gong discovered an out-of-bounds read in the v8 javascript library. CVE-2018-6144 pdknsk discovered an out-of-bounds read in the pdfium library. CVE-2018-6145 Masato Kinugawa discovered an error in the MathML implementation. CVE-2018-6147 Michail Pishchagin discovered an error in password entry fields. CVE-2018-6148 Micha? Bentkowski discovered that the Content Security Policy header was handled incorrectly. CVE-2018-6149 Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the v8 javascript library.
Affected Software
Affected Software
chromium-browser on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the stable distribution (stretch), these problems have been fixed in version 67.0.3396.87-1~deb9u1. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page linked in the references.
Common Vulnerabilities and Exposures (CVE)
- CVE-2018-6118
- CVE-2018-6120
- CVE-2018-6121
- CVE-2018-6122
- CVE-2018-6123
- CVE-2018-6124
- CVE-2018-6125
- CVE-2018-6126
- CVE-2018-6127
- CVE-2018-6129
- CVE-2018-6130
- CVE-2018-6131
- CVE-2018-6132
- CVE-2018-6133
- CVE-2018-6134
- CVE-2018-6135
- CVE-2018-6136
- CVE-2018-6137
- CVE-2018-6138
- CVE-2018-6139
- CVE-2018-6140
- CVE-2018-6141
- CVE-2018-6142
- CVE-2018-6143
- CVE-2018-6144
- CVE-2018-6145
- CVE-2018-6147
- CVE-2018-6148
- CVE-2018-6149