Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-4117 AhsanEjaz discovered an information leak. CVE-2018-6044 Rob Wu discovered a way to escalate privileges using extensions. CVE-2018-6150 Rob Wu discovered an information disclosure issue (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6151 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6152 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6153 Zhen Zhou discovered a buffer overflow issue in the skia library. CVE-2018-6154 Omair discovered a buffer overflow issue in the WebGL implementation. CVE-2018-6155 Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation. CVE-2018-6156 Natalie Silvanovich discovered a buffer overflow issue in the WebRTC implementation. CVE-2018-6157 Natalie Silvanovich discovered a type confusion issue in the WebRTC implementation. CVE-2018-6158 Zhe Jin discovered a use-after-free issue. CVE-2018-6159 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6161 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6162 Omair discovered a buffer overflow issue in the WebGL implementation. CVE-2018-6163 Khalil Zhani discovered a URL spoofing issue. CVE-2018-6164 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6165 evil1m0 discovered a URL spoofing issue. CVE-2018-6166 Lynas Zhang discovered a URL spoofing issue. CVE-2018-6167 Lynas Zhang discovered a URL spoofing issue. CVE-2018-6168 Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross Origin Resource Sharing policy. CVE-2018-6169 Sam P discovered a way to bypass permissions when installing extensions. CVE-2018-6170 A type confusion issue was discovered in the pdfium library. CVE-2018-6171 A use-after-free issue was discovered in the WebBluetooth implementation. CVE-2018-6172 Khalil Zhani discovered a URL spoofing issue. CVE-2018-6173 Khalil Zhani discovered a URL spoofing issue. CVE-2018-6174 Mark Brand discovered an integer overflow issue in the swiftshader library. CVE-2018-6175 Khalil Zhani discovered a URL spoofing issue. CVE-2018-6176 Jann Horn discovered a way to escalate privileges using extensions. CVE-2018-6177 Ron Masas discovered an information leak. CVE-2018-6178 Khalil Zhani discovered a user interface spoofing issue. CVE-2018-6179 It was discovered that information about files local to the system could be leaked to extensions. This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs. For the stable distribution (stretch), these problems have been fixed in version 68.0.3440.75-1~deb9u1. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser
Several vulnerabilities have been discovered in the chromium web browser.
AhsanEjaz discovered an information leak.
Rob Wu discovered a way to escalate privileges using extensions.
Rob Wu discovered an information disclosure issue (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time).
Zhen Zhou discovered a buffer overflow issue in the skia library.
Omair discovered a buffer overflow issue in the WebGL implementation.
Natalie Silvanovich discovered a use-after-free issue in the WebRTC implementation.
Natalie Silvanovich discovered a buffer overflow issue in the WebRTC implementation.
Natalie Silvanovich discovered a type confusion issue in the WebRTC implementation.
Zhe Jin discovered a use-after-free issue.
Jun Kokatsu discovered a way to bypass the same origin policy.
Jun Kokatsu discovered a way to bypass the same origin policy.
Omair discovered a buffer overflow issue in the WebGL implementation.
Khalil Zhani discovered a URL spoofing issue.
Jun Kokatsu discovered a way to bypass the same origin policy.
evil1m0 discovered a URL spoofing issue.
Lynas Zhang discovered a URL spoofing issue.
Lynas Zhang discovered a URL spoofing issue.
Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross Origin Resource Sharing policy.
Sam P discovered a way to bypass permissions when installing extensions.
A type confusion issue was discovered in the pdfium library.
A use-after-free issue was discovered in the WebBluetooth implementation.
Khalil Zhani discovered a URL spoofing issue.
Khalil Zhani discovered a URL spoofing issue.
Mark Brand discovered an integer overflow issue in the swiftshader library.
Khalil Zhani discovered a URL spoofing issue.
Jann Horn discovered a way to escalate privileges using extensions.
Ron Masas discovered an information leak.
Khalil Zhani discovered a user interface spoofing issue.
It was discovered that information about files local to the system could be leaked to extensions.
This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs.
For the stable distribution (stretch), these problems have been fixed in version 68.0.3440.75-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser
Vulmon