Arch Linux Security Advisory ASA-201811-16 ========================================== Severity: Medium Date : 2018-11-20 CVE-ID : CVE-2018-17478 Package : chromium Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-812 Summary ======= The package chromium before version 70.0.3538.110-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 70.0.3538.110-1. # pacman -Syu "chromium>=70.0.3538.110-1" The problem has been fixed upstream in version 70.0.3538.110. Workaround ========== None. Description =========== An out of bounds memory access has been found in the V8 component of the chromium browser before 70.0.3538.110. Impact ====== A remote attacker can access sensitive information or crash the browser via a crafted web page. References ========== https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail?id=897512 https://security.archlinux.org/CVE-2018-17478