SB2018073004 - OpenSUSE Linux update for Chromium

Description

This security bulletin contains information about 28 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2018-4117)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to input validation flaw in the WebKit component fetch API. A remote attacker can bypass cross-origin restrictions and obtain potentially sensitive information.

2) Privilege escalation (CVE-ID: CVE-2018-6044)

The vulnerability allows a local atacaker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. A local attacker can use specially crafted extensions and gain elevated privileges to conduct further attacks.

3) Stack-based buffer overflow (CVE-ID: CVE-2018-6153)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in Skia when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Heap-based buffer overflow (CVE-ID: CVE-2018-6154)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in WebGL when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Use-after-free error (CVE-ID: CVE-2018-6155)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Heap-based buffer overflow (CVE-ID: CVE-2018-6156)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Type confusion (CVE-ID: CVE-2018-6157)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion in WebRTC when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Use-after-free error (CVE-ID: CVE-2018-6158)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error in Blink when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

9) Security restrictions bypass (CVE-ID: CVE-2018-6159)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in ServiceWorker.

10) Security restrictions bypass (CVE-ID: CVE-2018-6161)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in WebAudio.

11) Heap-based buffer overflow (CVE-ID: CVE-2018-6162)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to heap-based buffer overflow in WebGL when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

12) Spoofing attack (CVE-ID: CVE-2018-6163)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

13) Security restrictions bypass (CVE-ID: CVE-2018-6164)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass same origin policy in ServiceWorker.

14) Spoofing attack (CVE-ID: CVE-2018-6165)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

15) Spoofing attack (CVE-ID: CVE-2018-6166)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

16) Spoofing attack (CVE-ID: CVE-2018-6167)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

17) Security restrictions bypass (CVE-ID: CVE-2018-6168)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass CORS in Blink.

18) Security restrictions bypass (CVE-ID: CVE-2018-6169)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions in extension installation.

19) Type confusion (CVE-ID: CVE-2018-6170)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to type confusion in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

20) Use-after-free error (CVE-ID: CVE-2018-6171)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to  use-after-free error in WebBluetooth when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

21) Spoofing attack (CVE-ID: CVE-2018-6172)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

22) Spoofing attack (CVE-ID: CVE-2018-6173)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

23) Integer overflow (CVE-ID: CVE-2018-6174)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer overflow in SwiftShader when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service to crash.

24) Spoofing attack (CVE-ID: CVE-2018-6175)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and spoof URLs.

25) Privilege escalation (CVE-ID: CVE-2018-6176)

The vulnerability allows a local atacaker to gain elevated privileges on the target system.

The weakness exists due to unspecified flaw. A local attacker can use specially crafted extensions and gain elevated privileges in Extensions to conduct further attacks.

26) Memory leak (CVE-ID: CVE-2018-6177)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to cross origin information leak in Blink. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.

27) Spoofing attack (CVE-ID: CVE-2018-6178)

The vulnerability allows a remote attacker to conduct spoofing attack.

The vulnerability exists due to an error in UI. A remote attacker can trick the victim into visiting a specially crafted website and spoof UI in Extensions.

28) Memory leak (CVE-ID: CVE-2018-6179)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to local file information leak in Extensions A local attacker can gain access to arbitrary data.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html