AVG-781

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 69.0.3497.100-1
Fixed 70.0.3538.67-1
Current 71.0.3578.98-3 [extra]
Ticket None
Created Wed Oct 17 07:39:23 2018
Issue Severity Remote Type Description
CVE-2018-5179 Low Yes Denial of service
A security issue has been found in the ServiceWorker component of the chromium browser before 70.0.3538.67, due to a lack of limits on the update() function.
CVE-2018-17477 Low Yes Content spoofing
A UI spoofing issue has been found in the Extensions component of the chromium browser before 70.0.3538.67.
CVE-2018-17476 Low Yes Content spoofing
A security UI occlusion has been found in the the full screen mode of the chromium browser before 70.0.3538.67.
CVE-2018-17475 Low Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the chromium browser before 70.0.3538.67.
CVE-2018-17474 Medium Yes Arbitrary code execution
A use-after-free has been found in the Blink component of the chromium browser before 70.0.3538.67.
CVE-2018-17473 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the chromium browser before 70.0.3538.67.
CVE-2018-17471 Medium Yes Content spoofing
A security UI occlusion has been found in the the full screen mode of the chromium browser before 70.0.3538.67.
CVE-2018-17470 Medium Yes Arbitrary code execution
A memory corruption issue has been found in the GPU internals component of the chromium browser before 70.0.3538.67.
CVE-2018-17469 Medium Yes Arbitrary code execution
A heap-based buffer overflow has been found in the PDFium component of the chromium browser before 70.0.3538.67.
CVE-2018-17468 Medium Yes Information disclosure
A cross-origin URL disclosure issue has been found in the Blink component of the chromium browser before 70.0.3538.67.
CVE-2018-17467 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the chromium browser before 70.0.3538.67.
CVE-2018-17466 Medium Yes Arbitrary code execution
A buffer overflow and out-of-bounds read has been found in the TextureStorage11 function of the Angle library, as used in the chromium browser before...
CVE-2018-17465 High Yes Arbitrary code execution
A use-after-free issue has been found in the V8 component of the chromium browser before 70.0.3538.67.
CVE-2018-17464 High Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the chromium browser before 70.0.3538.67.
CVE-2018-17463 Critical Yes Arbitrary code execution
A remote code execution issue has been found in the V8 component of the chromium browser before 70.0.3538.67.
CVE-2018-17462 High Yes Sandbox escape
A sandbox escape has been found in the AppCache component of the chromium browser before 70.0.3538.67.
Date Advisory Package Description
17 Oct 2018 ASA-201810-12 chromium multiple issues
References
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html