Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3273-1 Final 1 1 2018-10-22T08:25:27Z current 2018-10-22T08:25:27Z 2018-10-22T08:25:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed (bsc#1112111): - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox - CVE-2018-17465: Use after free in V8 - CVE-2018-17466: Memory corruption in Angle - CVE-2018-17467: URL spoof in Omnibox - CVE-2018-17468: Cross-origin URL disclosure in Blink - CVE-2018-17469: Heap buffer overflow in PDFium - CVE-2018-17470: Memory corruption in GPU Internals - CVE-2018-17471: Security UI occlusion in full screen mode - CVE-2018-17473: URL spoof in Omnibox - CVE-2018-17474: Use after free in Blink - CVE-2018-17475: URL spoof in Omnibox - CVE-2018-17476: Security UI occlusion in full screen mode - CVE-2018-5179: Lack of limits on update() in ServiceWorker - CVE-2018-17477: UI spoof in Extensions VAAPI hardware accelerated rendering is now enabled by default. This update contains the following packaging changes: - Use the system libusb-1.0 library - Use bundled harfbuzz library - Disable gnome-keyring to avoid crashes The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html E-Mail link for openSUSE-SU-2018:3273-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 15 chromedriver-70.0.3538.67-bp150.2.14.1 chromium-70.0.3538.67-bp150.2.14.1 chromedriver-70.0.3538.67-bp150.2.14.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 chromium-70.0.3538.67-bp150.2.14.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 15 Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. CVE-2018-17462 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17462.html CVE-2018-17462 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-17463 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17463.html CVE-2018-17463 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17464 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17464.html CVE-2018-17464 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-17465 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17465.html CVE-2018-17465 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-17466 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17466.html CVE-2018-17466 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17467 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17467.html CVE-2018-17467 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. CVE-2018-17468 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17468.html CVE-2018-17468 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2018-17469 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17469.html CVE-2018-17469 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2018-17470 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17470.html CVE-2018-17470 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17471 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17471.html CVE-2018-17471 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. CVE-2018-17472 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17472.html CVE-2018-17472 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-17473 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17473.html CVE-2018-17473 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-17474 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17474.html CVE-2018-17474 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17475 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17475.html CVE-2018-17475 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17476 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17476.html CVE-2018-17476 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. CVE-2018-17477 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-17477.html CVE-2018-17477 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-5179 SUSE Package Hub for SUSE Linux Enterprise 15:chromedriver-70.0.3538.67-bp150.2.14.1 SUSE Package Hub for SUSE Linux Enterprise 15:chromium-70.0.3538.67-bp150.2.14.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html https://www.suse.com/security/cve/CVE-2018-5179.html CVE-2018-5179 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105