Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2018-4117     AhsanEjaz discovered an information leak.

  - CVE-2018-6044     Rob Wu discovered a way to escalate privileges using     extensions.

  - CVE-2018-6150     Rob Wu discovered an information disclosure issue (this     problem was fixed in a previous release but was     mistakenly omitted from upstream's announcement at the     time).

  - CVE-2018-6151     Rob Wu discovered an issue in the developer tools (this     problem was fixed in a previous release but was     mistakenly omitted from upstream's announcement at the     time).

  - CVE-2018-6152     Rob Wu discovered an issue in the developer tools (this     problem was fixed in a previous release but was     mistakenly omitted from upstream's announcement at the     time).

  - CVE-2018-6153     Zhen Zhou discovered a buffer overflow issue in the skia     library.

  - CVE-2018-6154     Omair discovered a buffer overflow issue in the WebGL     implementation.

  - CVE-2018-6155     Natalie Silvanovich discovered a use-after-free issue in     the WebRTC implementation.

  - CVE-2018-6156     Natalie Silvanovich discovered a buffer overflow issue     in the WebRTC implementation.

  - CVE-2018-6157     Natalie Silvanovich discovered a type confusion issue in     the WebRTC implementation.

  - CVE-2018-6158     Zhe Jin discovered a use-after-free issue.

  - CVE-2018-6159     Jun Kokatsu discovered a way to bypass the same origin     policy.

  - CVE-2018-6161     Jun Kokatsu discovered a way to bypass the same origin     policy.

  - CVE-2018-6162     Omair discovered a buffer overflow issue in the WebGL     implementation.

  - CVE-2018-6163     Khalil Zhani discovered a URL spoofing issue.

  - CVE-2018-6164     Jun Kokatsu discovered a way to bypass the same origin     policy.

  - CVE-2018-6165     evil1m0 discovered a URL spoofing issue.

  - CVE-2018-6166     Lynas Zhang discovered a URL spoofing issue.

  - CVE-2018-6167     Lynas Zhang discovered a URL spoofing issue.

  - CVE-2018-6168     Gunes Acar and Danny Y. Huang discovered a way to bypass     the Cross Origin Resource Sharing policy.

  - CVE-2018-6169     Sam P discovered a way to bypass permissions when     installing extensions.

  - CVE-2018-6170     A type confusion issue was discovered in the pdfium     library.

  - CVE-2018-6171     A use-after-free issue was discovered in the     WebBluetooth implementation.

  - CVE-2018-6172     Khalil Zhani discovered a URL spoofing issue.

  - CVE-2018-6173     Khalil Zhani discovered a URL spoofing issue.

  - CVE-2018-6174     Mark Brand discovered an integer overflow issue in the     swiftshader library.

  - CVE-2018-6175     Khalil Zhani discovered a URL spoofing issue.

  - CVE-2018-6176     Jann Horn discovered a way to escalate privileges using     extensions.

  - CVE-2018-6177     Ron Masas discovered an information leak.

  - CVE-2018-6178     Khalil Zhani discovered a user interface spoofing issue.

  - CVE-2018-6179     It was discovered that information about files local to     the system could be leaked to extensions.

This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs.

Detections

Analytics

Debian DSA-4256-1 : chromium-browser - security update

critical Nessus Plugin ID 111360

Version 1.9