SB2018052520 - Fedora 28 update for chromium
Published: May 25, 2018 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 secuirty vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2018-6085)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Use-after-free error (CVE-ID: CVE-2018-6086)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Use-after-free error (CVE-ID: CVE-2018-6087)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Use-after-free error (CVE-ID: CVE-2018-6088)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free in PDFium. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Security restrictions bypass (CVE-ID: CVE-2018-6089)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
6) Heap-based buffer overflow (CVE-ID: CVE-2018-6090)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow in Skia. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Security restrictions bypass (CVE-ID: CVE-2018-6091)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plug-ins by Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same origin policy restrictions and gain unauthorized access to the system.
8) Integer overflow (CVE-ID: CVE-2018-6092)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Security restrictions bypass (CVE-ID: CVE-2018-6093)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same origin restrictions and gain unauthorized access to the system.
10) Security restrictions bypass (CVE-ID: CVE-2018-6094)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to exploit hardening regression in Oilpan. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
11) Security restrictions bypass (CVE-ID: CVE-2018-6095)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the lack of meaningful user interaction requirement before file upload. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
12) Spoofing attack (CVE-ID: CVE-2018-6096)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and conduct spoof the Fullscreen UI.
13) Spoofing attack (CVE-ID: CVE-2018-6097)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and conduct spoof the Fullscreen UI.
14) Spoofing attack (CVE-ID: CVE-2018-6098)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
15) Security restrictions bypass (CVE-ID: CVE-2018-6099)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CORS and gain unauthorized access to the system.
16) Spoofing attack (CVE-ID: CVE-2018-6100)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
17) Security restrictions bypass (CVE-ID: CVE-2018-6101)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient protection of remote debugging prototol in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
18) Spoofing attack (CVE-ID: CVE-2018-6102)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
19) Spoofing attack (CVE-ID: CVE-2018-6103)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in Permissions. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
20) Spoofing attack (CVE-ID: CVE-2018-6104)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
21) Spoofing attack (CVE-ID: CVE-2018-6105)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
22) Security restrictions bypass (CVE-ID: CVE-2018-6106)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of promises in V8. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
23) Spoofing attack (CVE-ID: CVE-2018-6107)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
24) Spoofing attack (CVE-ID: CVE-2018-6108)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
25) Security restrictions bypass (CVE-ID: CVE-2018-6109)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of files by FileAPI. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
26) Security restrictions bypass (CVE-ID: CVE-2018-6110)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plaintext files via file://. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
27) Heap-use-after-free error (CVE-ID: CVE-2018-6111)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-use-after-free error in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service.
28) Security restrictions bypass (CVE-ID: CVE-2018-6112)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect URL handling in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
29) Spoofing attack (CVE-ID: CVE-2018-6113)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in Navigation. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
30) Security restrictions bypass (CVE-ID: CVE-2018-6114)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CSP and gain unauthorized access to the system.
31) Security restrictions bypass (CVE-ID: CVE-2018-6116)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect low memory handling in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
32) Security restrictions bypass (CVE-ID: CVE-2018-6117)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error related to confusing autofill settings. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
33) Use-after-free error (CVE-ID: CVE-2018-6118)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in Media Cache. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
34) Privilege escalation (CVE-ID: CVE-2018-6121)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.The weakness exists due to an error in extensions when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code withe elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
35) Type confusion (CVE-ID: CVE-2018-6122)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to type confusion in V8 when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code withe elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
36) Heap-based buffer overflow (CVE-ID: CVE-2018-6120)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow in PDFium when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code withe elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
37) Security restrictions bypass (CVE-ID: CVE-2018-6115)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass SmartScreen in downloads and gain unauthorized access to the system.
Remediation
Install update from vendor's website.