Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4142-1 Final 1 1 2018-12-15T09:26:24Z current 2018-12-15T09:26:24Z 2018-12-15T09:26:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed (boo#1118529): - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Use after free in Blink - CVE-2018-18338: Heap buffer overflow in Canvas - CVE-2018-18339: Use after free in WebAudio - CVE-2018-18340: Use after free in MediaRecorder - CVE-2018-18341: Heap buffer overflow in Blink - CVE-2018-18342: Out of bounds write in V8 - CVE-2018-18343: Use after free in Skia - CVE-2018-18344: Inappropriate implementation in Extensions - Multiple issues in SQLite via WebSQL - CVE-2018-18345: Inappropriate implementation in Site Isolation - CVE-2018-18346: Incorrect security UI in Blink - CVE-2018-18347: Inappropriate implementation in Navigation - CVE-2018-18348: Inappropriate implementation in Omnibox - CVE-2018-18349: Insufficient policy enforcement in Blink - CVE-2018-18350: Insufficient policy enforcement in Blink - CVE-2018-18351: Insufficient policy enforcement in Navigation - CVE-2018-18352: Inappropriate implementation in Media - CVE-2018-18353: Inappropriate implementation in Network Authentication - CVE-2018-18354: Insufficient data validation in Shell Integration - CVE-2018-18355: Insufficient policy enforcement in URL Formatter - CVE-2018-18356: Use after free in Skia - CVE-2018-18357: Insufficient policy enforcement in URL Formatter - CVE-2018-18358: Insufficient policy enforcement in Proxy - CVE-2018-18359: Out of bounds read in V8 - Inappropriate implementation in PDFium - Use after free in Extensions - Inappropriate implementation in Navigation - Insufficient policy enforcement in Navigation - Insufficient policy enforcement in URL Formatter - Various fixes from internal audits, fuzzing and other initiatives - CVE-2018-17481: Use after free in PDFium (boo#1119364) The following changes are included: - advertisements posing as error messages are now blocked - Automatic playing of content at page load mostly disabled - New JavaScript API for relative time display The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html E-Mail link for openSUSE-SU-2018:4142-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 chromedriver-71.0.3578.98-189.1 chromium-71.0.3578.98-189.1 chromedriver-71.0.3578.98-189.1 as a component of openSUSE Leap 42.3 chromium-71.0.3578.98-189.1 as a component of openSUSE Leap 42.3 Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-17480 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-17480.html CVE-2018-17480 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-17481 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-17481.html CVE-2018-17481 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1119364 SUSE Bug 1119364 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18335 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18335.html CVE-2018-18335 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-18336 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18336.html CVE-2018-18336 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18337 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18337.html CVE-2018-18337 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18338 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18338.html CVE-2018-18338 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18339 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18339.html CVE-2018-18339 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18340 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18340.html CVE-2018-18340 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18341 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18341.html CVE-2018-18341 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-18342 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18342.html CVE-2018-18342 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18343 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18343.html CVE-2018-18343 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-18344 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18344.html CVE-2018-18344 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. CVE-2018-18345 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18345.html CVE-2018-18345 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. CVE-2018-18346 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18346.html CVE-2018-18346 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. CVE-2018-18347 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18347.html CVE-2018-18347 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18348 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18348.html CVE-2018-18348 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-18349 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18349.html CVE-2018-18349 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2018-18350 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18350.html CVE-2018-18350 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. CVE-2018-18351 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18351.html CVE-2018-18351 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. CVE-2018-18352 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18352.html CVE-2018-18352 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. CVE-2018-18353 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18353.html CVE-2018-18353 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. CVE-2018-18354 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18354.html CVE-2018-18354 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18355 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18355.html CVE-2018-18355 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18356 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18356.html CVE-2018-18356 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 https://bugzilla.suse.com/1125396 SUSE Bug 1125396 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18357 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18357.html CVE-2018-18357 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. CVE-2018-18358 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18358.html CVE-2018-18358 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-18359 openSUSE Leap 42.3:chromedriver-71.0.3578.98-189.1 openSUSE Leap 42.3:chromium-71.0.3578.98-189.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00040.html https://www.suse.com/security/cve/CVE-2018-18359.html CVE-2018-18359 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330