Arch Linux Security Advisory ASA-201806-4 ========================================= Severity: High Date : 2018-06-07 CVE-ID : CVE-2018-6148 Package : chromium Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-712 Summary ======= The package chromium before version 67.0.3396.79-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 67.0.3396.79-1. # pacman -Syu "chromium>=67.0.3396.79-1" The problem has been fixed upstream in version 67.0.3396.79. Workaround ========== None. Description =========== An incorrect handling of CSP header has been found in chromium before 67.0.3396.79. Impact ====== A remote attacker can bypass the content security policy. References ========== https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html https://crbug.com/845961 https://security.archlinux.org/CVE-2018-6148