Detections
Analytics
Debian DSA-4237-1 : chromium-browser - security update
critical Nessus Plugin ID 110820
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in the chromium web browser.- CVE-2018-6118 Ned Williamson discovered a use-after-free issue.
- CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library.
- CVE-2018-6121 It was discovered that malicious extensions could escalate privileges.
- CVE-2018-6122 A type confusion issue was discovered in the v8 JavaScript library.
- CVE-2018-6123 Looben Yang discovered a use-after-free issue.
- CVE-2018-6124 Guang Gong discovered a type confusion issue.
- CVE-2018-6125 Yubico discovered that the WebUSB implementation was too permissive.
- CVE-2018-6126 Ivan Fratric discovered a buffer overflow issue in the skia library.
- CVE-2018-6127 Looben Yang discovered a use-after-free issue.
- CVE-2018-6129 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
- CVE-2018-6130 Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.
- CVE-2018-6131 Natalie Silvanovich discovered an error in WebAssembly.
- CVE-2018-6132 Ronald E. Crane discovered an uninitialized memory issue.
- CVE-2018-6133 Khalil Zhani discovered a URL spoofing issue.
- CVE-2018-6134 Jun Kokatsu discovered a way to bypass the Referrer Policy.
- CVE-2018-6135 Jasper Rebane discovered a user interface spoofing issue.
- CVE-2018-6136 Peter Wong discovered an out-of-bounds read issue in the v8 JavaScript library.
- CVE-2018-6137 Michael Smith discovered an information leak.
- CVE-2018-6138 Francois Lajeunesse-Robert discovered that the extensions policy was too permissive.
- CVE-2018-6139 Rob Wu discovered a way to bypass restrictions in the debugger extension.
- CVE-2018-6140 Rob Wu discovered a way to bypass restrictions in the debugger extension.
- CVE-2018-6141 Yangkang discovered a buffer overflow issue in the skia library.
- CVE-2018-6142 Choongwoo Han discovered an out-of-bounds read in the v8 JavaScript library.
- CVE-2018-6143 Guang Gong discovered an out-of-bounds read in the v8 JavaScript library.
- CVE-2018-6144 pdknsk discovered an out-of-bounds read in the pdfium library.
- CVE-2018-6145 Masato Kinugawa discovered an error in the MathML implementation.
- CVE-2018-6147 Michail Pishchagin discovered an error in password entry fields.
- CVE-2018-6148 Michal Bentkowski discovered that the Content Security Policy header was handled incorrectly.
- CVE-2018-6149 Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the v8 JavaScript library.
Solution
Upgrade the chromium-browser packages.For the stable distribution (stretch), these problems have been fixed in version 67.0.3396.87-1~deb9u1.
See Also
https://security-tracker.debian.org/tracker/CVE-2018-6118
https://security-tracker.debian.org/tracker/CVE-2018-6120
https://security-tracker.debian.org/tracker/CVE-2018-6121
https://security-tracker.debian.org/tracker/CVE-2018-6122
https://security-tracker.debian.org/tracker/CVE-2018-6123
https://security-tracker.debian.org/tracker/CVE-2018-6124
https://security-tracker.debian.org/tracker/CVE-2018-6125
https://security-tracker.debian.org/tracker/CVE-2018-6126
https://security-tracker.debian.org/tracker/CVE-2018-6127
https://security-tracker.debian.org/tracker/CVE-2018-6129
https://security-tracker.debian.org/tracker/CVE-2018-6130
https://security-tracker.debian.org/tracker/CVE-2018-6131
https://security-tracker.debian.org/tracker/CVE-2018-6132
https://security-tracker.debian.org/tracker/CVE-2018-6133
https://security-tracker.debian.org/tracker/CVE-2018-6134
https://security-tracker.debian.org/tracker/CVE-2018-6135
https://security-tracker.debian.org/tracker/CVE-2018-6136
https://security-tracker.debian.org/tracker/CVE-2018-6137
https://security-tracker.debian.org/tracker/CVE-2018-6138
https://security-tracker.debian.org/tracker/CVE-2018-6139
https://security-tracker.debian.org/tracker/CVE-2018-6140
https://security-tracker.debian.org/tracker/CVE-2018-6141
https://security-tracker.debian.org/tracker/CVE-2018-6142
https://security-tracker.debian.org/tracker/CVE-2018-6143
https://security-tracker.debian.org/tracker/CVE-2018-6144
https://security-tracker.debian.org/tracker/CVE-2018-6145
https://security-tracker.debian.org/tracker/CVE-2018-6147
https://security-tracker.debian.org/tracker/CVE-2018-6148
https://security-tracker.debian.org/tracker/CVE-2018-6149
http://www.nessus.org/u?e33901a2
Plugin Details
Severity: Critical
ID: 110820
File Name: debian_DSA-4237.nasl
Version: 1.9
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 7/2/2018
Updated: 9/10/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-6140
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2018-6127
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:9.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/30/2018
Vulnerability Publication Date: 1/9/2019
Reference Information
CVE: CVE-2018-6118, CVE-2018-6120, CVE-2018-6121, CVE-2018-6122, CVE-2018-6123, CVE-2018-6124, CVE-2018-6125, CVE-2018-6126, CVE-2018-6127, CVE-2018-6129, CVE-2018-6130, CVE-2018-6131, CVE-2018-6132, CVE-2018-6133, CVE-2018-6134, CVE-2018-6135, CVE-2018-6136, CVE-2018-6137, CVE-2018-6138, CVE-2018-6139, CVE-2018-6140, CVE-2018-6141, CVE-2018-6142, CVE-2018-6143, CVE-2018-6144, CVE-2018-6145, CVE-2018-6147, CVE-2018-6148, CVE-2018-6149
DSA: 4237