Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titlechromium-browser security update
Informations
NameDSA-4352First vendor Publication2018-12-07
VendorDebianLast vendor Modification2018-12-07
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2018-17480

Guang Gong discovered an out-of-bounds write issue in the v8 javascript library.

CVE-2018-17481

Several use-after-free issues were discovered in the pdfium library.

CVE-2018-18335

A buffer overflow issue was discovered in the skia library.

CVE-2018-18336

Huyna discovered a use-after-free issue in the pdfium library.

CVE-2018-18337

cloudfuzzer discovered a use-after-free issue in blink/webkit.

CVE-2018-18338

Zhe Jin discovered a buffer overflow issue in the canvas renderer.

CVE-2018-18339

cloudfuzzer discovered a use-after-free issue in the WebAudio implementation.

CVE-2018-18340

A use-after-free issue was discovered in the MediaRecorder implementation.

CVE-2018-18341

cloudfuzzer discovered a buffer overflow issue in blink/webkit.

CVE-2018-18342

Guang Gong discovered an out-of-bounds write issue in the v8 javascript library.

CVE-2018-18343

Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18344

Jann Horn discovered an error in the Extensions implementation.

CVE-2018-18345

Masato Kinugawa and Jun Kokatsu discovered an error in the Site Isolation feature.

CVE-2018-18346

Luan Herrera discovered an error in the user interface.

CVE-2018-18347

Luan Herrera discovered an error in the Navigation implementation.

CVE-2018-18348

Ahmed Elsobky discovered an error in the omnibox implementation.

CVE-2018-18349

David Erceg discovered a policy enforcement error.

CVE-2018-18350

Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18351

Jun Kokatsu discovered a policy enforcement error.

CVE-2018-18352

Jun Kokatsu discovered an error in Media handling.

CVE-2018-18353

Wenxu Wu discovered an error in the network authentication implementation.

CVE-2018-18354

Wenxu Wu discovered an error related to integration with GNOME Shell.

CVE-2018-18355

evil1m0 discovered a policy enforcement error.

CVE-2018-18356

Tran Tien Hung discovered a use-after-free issue in the skia library.

CVE-2018-18357

evil1m0 discovered a policy enforcement error.

CVE-2018-18358

Jann Horn discovered a policy enforcement error.

CVE-2018-18359

cyrilliu discovered an out-of-bounds read issue in the v8 javascript library.

Several additional security relevant issues are also fixed in this update that have not yet received CVE identifiers.

For the stable distribution (stretch), these problems have been fixed in version 71.0.3578.80-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser

Original Source

Url : http://www.debian.org/security/2018/dsa-4352

CWE : Common Weakness Enumeration

%idName
32 %CWE-20Improper Input Validation
18 %CWE-416Use After Free
14 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
7 %CWE-264Permissions, Privileges, and Access Controls
7 %CWE-190Integer Overflow or Wraparound (CWE/SANS Top 25)
4 %CWE-787Out-of-bounds Write (CWE/SANS Top 25)
4 %CWE-502Deserialization of Untrusted Data
4 %CWE-254Security Features
4 %CWE-125Out-of-bounds Read
4 %CWE-19Data Handling
4 %CWE-18Source Code

CPE : Common Platform Enumeration

TypeDescriptionCount
Application3910
Os4
Os2
Os1
Os1
Os2
Os2
Os1
Os1
Os1
Os2
Os1
Os1
Os1

Nessus® Vulnerability Scanner

DateDescription
2019-01-16Name : The remote Fedora host is missing a security update.
File : fedora_2019-348547a32d.nasl - Type : ACT_GATHER_INFO
2019-01-07Name : The remote Fedora host is missing a security update.
File : fedora_2019-859384e002.nasl - Type : ACT_GATHER_INFO
2019-01-07Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type : ACT_GATHER_INFO
2019-01-07Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type : ACT_GATHER_INFO
2018-12-14Name : A web browser installed on the remote Windows host is affected by a use after...
File : google_chrome_71_0_3578_98.nasl - Type : ACT_GATHER_INFO
2018-12-14Name : A web browser installed on the remote macOS host is affected by a use after f...
File : macosx_google_chrome_71_0_3578_98.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4352.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : A web browser installed on the remote Windows host is affected by multiple vu...
File : google_chrome_71_0_3578_80.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : A web browser installed on the remote macOS host is affected by multiple vuln...
File : macosx_google_chrome_71_0_3578_80.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2018-12-14 05:20:37
  • Multiple Updates
2018-12-12 17:21:42
  • Multiple Updates
2018-12-08 05:17:26
  • First insertion