AVG-678 log

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 65.0.3325.181-7
Fixed 66.0.3359.117-1
Current 123.0.6312.86-1 [extra]
Ticket None
Created Wed Apr 18 21:12:04 2018
Issue Severity Remote Type Description
CVE-2018-6117 Low Yes Content spoofing
A confusing autofill settings issue has been found in the Chromium browser before 66.0.3359.117.
CVE-2018-6116 Low Yes Denial of service
An incorrect low memory handling issue has been found in the WebAssembly component of the Chromium browser before 66.0.3359.117.
CVE-2018-6115 Low Yes Access restriction bypass
A SmartScreen bypass issue has been found in the downloads component of the Chromium browser before 66.0.3359.117.
CVE-2018-6114 Low Yes Access restriction bypass
A Content Security Policy bypass has been found in the Chromium browser before 66.0.3359.117.
CVE-2018-6113 Low Yes Content spoofing
A URL spoofing issue has been found in the Navigation component of the Chromium browser before 66.0.3359.117.
CVE-2018-6112 Low Yes Access restriction bypass
An incorrect URL handling has been found in the DevTools component of the Chromium browser before 66.0.3359.117.
CVE-2018-6111 Low Yes Arbitrary code execution
A heap-based use-after-free has been found in the DevTools component of the Chromium browser before 66.0.3359.117.
CVE-2018-6110 Low Yes Access restriction bypass
An incorrect handling of plaintext files via file:// issue has been found in the Chromium browser before 66.0.3359.117.
CVE-2018-6109 Low Yes Arbitrary filesystem access
An incorrect handling of files issue has been found in the FileAPI component of  the Chromium browser before 66.0.3359.117.
CVE-2018-6108 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6107 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6106 Medium Yes Access restriction bypass
An incorrect handling of promises isue has been found in the V8 component of the Chromium browser before 66.0.3359.117.
CVE-2018-6105 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6104 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6103 Medium Yes Content spoofing
A UI spoof issue has been found in the Permissions component of the Chromium browser before 66.0.3359.117.
CVE-2018-6102 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6101 Medium Yes Access restriction bypass
An insufficient protection of remote debugging protocol issue has been found in the DevTools component of the Chromium browser before 66.0.3359.117.
CVE-2018-6100 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6099 Medium Yes Access restriction bypass
A Cross Origin Resource Sharing bypass has been found in the Service Worker component of the Chromium browser before 66.0.3359.117.
CVE-2018-6098 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 66.0.3359.117.
CVE-2018-6097 Medium Yes Content spoofing
A fullscreen UI spoofing issue has been found in the Chromium browser before 66.0.3359.117.
CVE-2018-6096 Medium Yes Content spoofing
A fullscreen UI spoofing issue has been found in the Chromium browser before 66.0.3359.117.
CVE-2018-6095 Medium Yes Content spoofing
A lack of meaningful user interaction requirement before file upload security issue has been found  in the Chromium browser before 66.0.3359.117.
CVE-2018-6094 Medium Yes Access restriction bypass
An exploit hardening regression has been found in the Oilpan component of the Chromium browser before 66.0.3359.117.
CVE-2018-6093 Medium Yes Same-origin policy bypass
A same-origin policy bypass vulnerability has been found in the Service Worker component of the Chromium browser before 66.0.3359.117.
CVE-2018-6092 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the WebAssembly component of the Chromium browser before 66.0.3359.117.
CVE-2018-6091 High Yes Access restriction bypass
An incorrect handling of plugins vulnerability has been found in the Service Worker component of the Chromium browser before 66.0.3359.117.
CVE-2018-6090 High Yes Arbitrary code execution
A heap-base buffer overflow vulnerability has been found in the Skia component of the Chromium browser before 66.0.3359.117.
CVE-2018-6089 High Yes Same-origin policy bypass
A same-origin policy bypass vulnerability has been found in the Service Worker component of the Chromium browser before 66.0.3359.117.
CVE-2018-6088 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the PDFium component of the Chromium browser before 66.0.3359.117.
CVE-2018-6087 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the WebAssembly component of the Chromium browser before 66.0.3359.117.
CVE-2018-6086 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Disk Cache component of the Chromium browser before 66.0.3359.117.
CVE-2018-6085 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Disk Cache component of the Chromium browser before 66.0.3359.117.
References
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html