Arch Linux Security Advisory ASA-201812-2
=========================================
Severity: Critical
Date    : 2018-12-08
CVE-ID  : CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336
          CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340
          CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344
          CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348
          CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352
          CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356
          CVE-2018-18357 CVE-2018-18358 CVE-2018-18359
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-824

Summary
=======
The package chromium before version 71.0.3578.80-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, information disclosure and insufficient validation.

Resolution
==========
Upgrade to 71.0.3578.80-1.

# pacman -Syu "chromium>=71.0.3578.80-1"

The problems have been fixed upstream in version 71.0.3578.80.
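
Added example (not part of the advisory): a POSIX shell check that lists
hosts whose chromium package predates the fixed version 71.0.3578.80-1,
comparing versions numerically rather than as strings. The host names and
inventory lines are constructed sample data, and the awk fallback is an
assumption used only where pacman's vercmp is not installed.

```sh
#!/bin/sh
# Added example, not part of ASA-201812-2.
FIXED="71.0.3578.80-1"   # first fixed package version, from the advisory

# ver_lt A B: succeed when package version A sorts strictly before B.
# pacman's vercmp is authoritative when installed. The fallback is a
# simplified stand-in (assumption): it handles only dotted-numeric pkgver
# with a -pkgrel suffix (no epoch, no letters), which is the form that
# `pacman -Q chromium` prints.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
        return
    fi
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= n || i <= m; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0   # numeric, so 9 < 80
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1                                 # equal is not older
    }' </dev/null
}

# Constructed sample inventory: "<host> <output of pacman -Q chromium>".
SAMPLE_INVENTORY='web01 chromium 70.0.3538.110-1
kiosk02 chromium 71.0.3578.80-1
dev03 chromium 71.0.3578.98-2
lab04 chromium 71.0.3578.9-3'

# vulnerable_hosts INVENTORY: print each host still below the fixed version.
vulnerable_hosts() {
    printf '%s\n' "$1" | while read -r host name ver; do
        [ "$name" = "chromium" ] || continue
        if ver_lt "$ver" "$FIXED"; then echo "$host"; fi
    done
}

vulnerable_hosts "$SAMPLE_INVENTORY"
```

On a single Arch host the same comparison applies to the version field of
`pacman -Q chromium`.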

Workaround
==========
None.

Description
===========
- CVE-2018-17480 (arbitrary code execution)

An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.

- CVE-2018-17481 (arbitrary code execution)

A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.

- CVE-2018-18335 (arbitrary code execution)

A heap-based buffer overflow has been found in the Skia component of
chromium before 71.0.3578.80.

- CVE-2018-18336 (arbitrary code execution)

A use-after-free has been found in the PDFium component of chromium
before 71.0.3578.80.

- CVE-2018-18337 (arbitrary code execution)

A use-after-free has been found in the Blink component of chromium
before 71.0.3578.80.

- CVE-2018-18338 (arbitrary code execution)

A heap-based buffer overflow has been found in the Canvas component of
chromium before 71.0.3578.80.

- CVE-2018-18339 (arbitrary code execution)

A use-after-free has been found in the WebAudio component of chromium
before 71.0.3578.80.

- CVE-2018-18340 (arbitrary code execution)

A use-after-free has been found in the MediaRecorder component of
chromium before 71.0.3578.80.

- CVE-2018-18341 (arbitrary code execution)

A heap-based buffer overflow has been found in the Blink component of
chromium before 71.0.3578.80.

- CVE-2018-18342 (arbitrary code execution)

An out of bounds write has been found in the V8 component of chromium
before 71.0.3578.80.

- CVE-2018-18343 (arbitrary code execution)

A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.

- CVE-2018-18344 (access restriction bypass)

An inappropriate implementation issue has been found in the Extensions
component of chromium before 71.0.3578.80.

- CVE-2018-18345 (access restriction bypass)

An inappropriate implementation issue has been found in the Site
Isolation component of chromium before 71.0.3578.80.

- CVE-2018-18346 (access restriction bypass)

An incorrect security UI issue has been found in the Blink component of
chromium before 71.0.3578.80.

- CVE-2018-18347 (access restriction bypass)

An inappropriate implementation issue has been found in the Navigation
component of chromium before 71.0.3578.80.

- CVE-2018-18348 (access restriction bypass)

An inappropriate implementation issue has been found in the Omnibox
component of chromium before 71.0.3578.80.

- CVE-2018-18349 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.

- CVE-2018-18350 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Blink
component of chromium before 71.0.3578.80.

- CVE-2018-18351 (access restriction bypass)

An insufficient policy enforcement issue has been found in the
Navigation component of chromium before 71.0.3578.80.

- CVE-2018-18352 (access restriction bypass)

An inappropriate implementation issue has been found in the Media
component of chromium before 71.0.3578.80.

- CVE-2018-18353 (access restriction bypass)

An inappropriate implementation issue has been found in the Network
Authentication component of chromium before 71.0.3578.80.

- CVE-2018-18354 (insufficient validation)

An insufficient data validation issue has been found in the Shell
Integration component of chromium before 71.0.3578.80.

- CVE-2018-18355 (access restriction bypass)

An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.

- CVE-2018-18356 (arbitrary code execution)

A use-after-free has been found in the Skia component of chromium
before 71.0.3578.80.

- CVE-2018-18357 (access restriction bypass)

An insufficient policy enforcement issue has been found in the URL
Formatter component of chromium before 71.0.3578.80.

- CVE-2018-18358 (access restriction bypass)

An insufficient policy enforcement issue has been found in the Proxy
component of chromium before 71.0.3578.80.

- CVE-2018-18359 (information disclosure)

An out-of-bounds read has been found in the V8 component of chromium
before 71.0.3578.80.

Impact
======
A remote attacker can access sensitive information, bypass security
restrictions and execute arbitrary code on the affected host.

References
==========
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=905940
https://bugs.chromium.org/p/chromium/issues/detail?id=901654
https://bugs.chromium.org/p/chromium/issues/detail?id=895362
https://bugs.chromium.org/p/chromium/issues/detail?id=898531
https://bugs.chromium.org/p/chromium/issues/detail?id=886753
https://bugs.chromium.org/p/chromium/issues/detail?id=890576
https://bugs.chromium.org/p/chromium/issues/detail?id=891187
https://bugs.chromium.org/p/chromium/issues/detail?id=896736
https://bugs.chromium.org/p/chromium/issues/detail?id=901030
https://bugs.chromium.org/p/chromium/issues/detail?id=906313
https://bugs.chromium.org/p/chromium/issues/detail?id=882423
https://bugs.chromium.org/p/chromium/issues/detail?id=866426
https://bugs.chromium.org/p/chromium/issues/detail?id=886976
https://bugs.chromium.org/p/chromium/issues/detail?id=606104
https://bugs.chromium.org/p/chromium/issues/detail?id=850824
https://bugs.chromium.org/p/chromium/issues/detail?id=881659
https://bugs.chromium.org/p/chromium/issues/detail?id=894399
https://bugs.chromium.org/p/chromium/issues/detail?id=799747
https://bugs.chromium.org/p/chromium/issues/detail?id=833847
https://bugs.chromium.org/p/chromium/issues/detail?id=849942
https://bugs.chromium.org/p/chromium/issues/detail?id=884179
https://bugs.chromium.org/p/chromium/issues/detail?id=889459
https://bugs.chromium.org/p/chromium/issues/detail?id=896717
https://bugs.chromium.org/p/chromium/issues/detail?id=883666
https://bugs.chromium.org/p/chromium/issues/detail?id=895207
https://bugs.chromium.org/p/chromium/issues/detail?id=899126
https://bugs.chromium.org/p/chromium/issues/detail?id=907714
https://security.archlinux.org/CVE-2018-17480
https://security.archlinux.org/CVE-2018-17481
https://security.archlinux.org/CVE-2018-18335
https://security.archlinux.org/CVE-2018-18336
https://security.archlinux.org/CVE-2018-18337
https://security.archlinux.org/CVE-2018-18338
https://security.archlinux.org/CVE-2018-18339
https://security.archlinux.org/CVE-2018-18340
https://security.archlinux.org/CVE-2018-18341
https://security.archlinux.org/CVE-2018-18342
https://security.archlinux.org/CVE-2018-18343
https://security.archlinux.org/CVE-2018-18344
https://security.archlinux.org/CVE-2018-18345
https://security.archlinux.org/CVE-2018-18346
https://security.archlinux.org/CVE-2018-18347
https://security.archlinux.org/CVE-2018-18348
https://security.archlinux.org/CVE-2018-18349
https://security.archlinux.org/CVE-2018-18350
https://security.archlinux.org/CVE-2018-18351
https://security.archlinux.org/CVE-2018-18352
https://security.archlinux.org/CVE-2018-18353
https://security.archlinux.org/CVE-2018-18354
https://security.archlinux.org/CVE-2018-18355
https://security.archlinux.org/CVE-2018-18356
https://security.archlinux.org/CVE-2018-18357
https://security.archlinux.org/CVE-2018-18358
https://security.archlinux.org/CVE-2018-18359

ArchLinux: 201812-2: chromium: multiple issues

December 11, 2018
