AVG-824

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 70.0.3538.110-1
Fixed 71.0.3578.80-1
Current 75.0.3770.90-3 [extra]
Ticket None
Created Wed Dec 5 16:48:26 2018
Issue Severity Remote Type Description
CVE-2018-18359 Medium Yes Information disclosure
An out-of-bounds read has been found in the V8 component of chromium before 71.0.3578.80.
CVE-2018-18358 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Proxy component of chromium before 71.0.3578.80.
CVE-2018-18357 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80.
CVE-2018-18356 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1.
CVE-2018-18355 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the URL Formatter component of chromium before 71.0.3578.80.
CVE-2018-18354 Medium Yes Insufficient validation
An insufficient data validation issue has been found in the Shell Integration component of chromium before 71.0.3578.80.
CVE-2018-18353 Medium Yes Access restriction bypass
An inappropriate implementation issue has been found in the Network Authentication component of chromium before 71.0.3578.80.
CVE-2018-18352 Medium Yes Access restriction bypass
An inappropriate implementation issue has been found in the Media component of chromium before 71.0.3578.80.
CVE-2018-18351 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Navigation component of chromium before 71.0.3578.80.
CVE-2018-18350 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Blink component of chromium before 71.0.3578.80.
CVE-2018-18349 Medium Yes Access restriction bypass
An insufficient policy enforcement issue has been found in the Blink component of chromium before 71.0.3578.80.
CVE-2018-18348 Medium Yes Access restriction bypass
An inappropriate implementation issue has been found in the Omnibox component of chromium before 71.0.3578.80.
CVE-2018-18347 Medium Yes Access restriction bypass
An inappropriate implementation issue has been found in the Navigation component of chromium before 71.0.3578.80.
CVE-2018-18346 Medium Yes Access restriction bypass
An incorrect security UI issue has been found in the Blink component of chromium before 71.0.3578.80.
CVE-2018-18345 Medium Yes Access restriction bypass
An inappropriate implementation issue has been found in the Site Isolation component of chromium before 71.0.3578.80.
CVE-2018-18344 High Yes Access restriction bypass
An inappropriate implementation issue has been found in the Extensions component of chromium before 71.0.3578.80.
CVE-2018-18343 Critical Yes Arbitrary code execution
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80.
CVE-2018-18342 Critical Yes Arbitrary code execution
An out of bounds write has been found in the V8 component of chromium before 71.0.3578.80.
CVE-2018-18341 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Blink component of chromium before 71.0.3578.80.
CVE-2018-18340 Critical Yes Arbitrary code execution
A use-after-free has been found in the MediaRecorder component of chromium before 71.0.3578.80.
CVE-2018-18339 Critical Yes Arbitrary code execution
A use-after-free has been found in the WebAudio component of chromium before 71.0.3578.80.
CVE-2018-18338 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Canva component of chromium before 71.0.3578.80.
CVE-2018-18337 Critical Yes Arbitrary code execution
A use-after-free has been found in the Blink component of chromium before 71.0.3578.80.
CVE-2018-18336 Critical Yes Arbitrary code execution
A use-after-free has been found in the PDFium component of chromium before 71.0.3578.80.
CVE-2018-18335 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of chromium before 71.0.3578.80 and thunderbird before 60.5.1.
CVE-2018-17481 Critical Yes Arbitrary code execution
A use-after-free has been found in the PDFium component of chromium before 71.0.3578.80.
CVE-2018-17480 Critical Yes Arbitrary code execution
An out of bounds write has been found in the V8 component of chromium before 71.0.3578.80.
Date Advisory Package Description
08 Dec 2018 ASA-201812-2 chromium multiple issues
References
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html