New subject: [Bug 1112111] VUL-0: chromium 70.0.3538.67 security update

17 Oct 2018

      http://bugzilla.suse.com/show_bug.cgi?id=1112111

            Bug ID: 1112111
           Summary: VUL-0: chromium 70.0.3538.67 security update
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: tchvatal@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

This update fixes 32 sec issues:

https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desk...

[$N/A][888926] High CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned
Williamson and Niklas Baumstark working with Beyond Security’s SecuriTeam
Secure Disclosure program on 2018-09-25
[$N/A][888923] High CVE-2018-17463: Remote code execution in V8. Reported by
Samuel Gross working with Beyond Security’s SecuriTeam Secure Disclosure
program on 2018-09-25
[$3500][872189] High CVE to be assigned: Heap buffer overflow in Little CMS in
PDFium. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on
2018-08-08
[$3000][887273] High CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
of Tencent's Xuanwu Lab on 2018-09-20
[$3000][870226] High CVE-2018-17465: Use after free in V8. Reported by Lin
Zuojian on 2018-08-02
[$1000][880906] High CVE-2018-17466: Memory corruption in Angle. Reported by
Omair on 2018-09-05
[$3000][844881] Medium CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil
Zhani on 2018-05-19
[$2000][876822] Medium CVE-2018-17468: Cross-origin URL disclosure in Blink.
Reported by James Lee (@Windowsrcer) of Kryptos Logic on 2018-08-22
[$1000][880675] Medium CVE-2018-17469: Heap buffer overflow in PDFium. Reported
by Zhen Zhou of NSFOCUS Security Team on 2018-09-05
[$1000][877874] Medium CVE-2018-17470: Memory corruption in GPU Internals.
Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of
Qihoo 360 Technology Co. Ltd on 2018-08-27
[$1000][873080] Medium CVE-2018-17471: Security UI occlusion in full screen
mode. Reported by Lnyas Zhang on 2018-08-10
[$1000][822518] Medium CVE-2018-17472: iframe sandbox escape on iOS. Reported
by Jun Kokatsu (@shhnjk) on 2018-03-16
[$500][882078] Medium CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil
Zhani on 2018-09-08
[$500][843151] Medium CVE-2018-17474: Use after free in Blink. Reported by Zhe
Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360
Technology Co. Ltd on 2018-05-15
[$500][852634] Low CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir
Metnew on 2018-06-14
[$500][812769] Low CVE-2018-17476: Security UI occlusion in full screen mode.
Reported by Khalil Zhani on 2018-02-15
[$500][805496] Low CVE-2018-5179: Lack of limits on update() in ServiceWorker.
Reported by Yannic Bonenberger on 2018-01-24
[$N/A][863703] Low CVE-2018-17477: UI spoof in Extensions. Reported by Aaron
Muir Hamilton  on 2018-07-14

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1112111] New: VUL-0: chromium 70.0.3538.67 security update

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)