Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation. CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox. CVE-2018-17463 Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 javascript library. CVE-2018-17464 xisigr discovered a URL spoofing issue. CVE-2018-17465 Lin Zuojian discovered a use-after-free issue in the v8 javascript library. CVE-2018-17466 Omair discovered a memory corruption issue in the angle library. CVE-2018-17467 Khalil Zhani discovered a URL spoofing issue. CVE-2018-17468 Jams Lee discovered an information disclosure issue. CVE-2018-17469 Zhen Zhou discovered a buffer overflow issue in the pdfium library. CVE-2018-17470 Zhe Jin discovered a memory corruption issue in the GPU backend implementation. CVE-2018-17471 Lnyas Zhang discovered an issue with the full screen user interface. CVE-2018-17473 Khalil Zhani discovered a URL spoofing issue. CVE-2018-17474 Zhe Jin discovered a use-after-free issue. CVE-2018-17475 Vladimir Metnew discovered a URL spoofing issue. CVE-2018-17476 Khalil Zhani discovered an issue with the full screen user interface. CVE-2018-17477 Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane. This update also fixes a buffer overflow in the embedded lcms library included with chromium. For the stable distribution (stretch), these problems have been fixed in version 70.0.3538.67-1~deb9u1. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser
Several vulnerabilities have been discovered in the chromium web browser.
Yannic Boneberger discovered an error in the ServiceWorker implementation.
Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.
Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 javascript library.
xisigr discovered a URL spoofing issue.
Lin Zuojian discovered a use-after-free issue in the v8 javascript library.
Omair discovered a memory corruption issue in the angle library.
Khalil Zhani discovered a URL spoofing issue.
Jams Lee discovered an information disclosure issue.
Zhen Zhou discovered a buffer overflow issue in the pdfium library.
Zhe Jin discovered a memory corruption issue in the GPU backend implementation.
Lnyas Zhang discovered an issue with the full screen user interface.
Khalil Zhani discovered a URL spoofing issue.
Zhe Jin discovered a use-after-free issue.
Vladimir Metnew discovered a URL spoofing issue.
Khalil Zhani discovered an issue with the full screen user interface.
Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane.
This update also fixes a buffer overflow in the embedded lcms library included with chromium.
For the stable distribution (stretch), these problems have been fixed in version 70.0.3538.67-1~deb9u1.
We recommend that you upgrade your chromium-browser packages.
For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser