http://bugzilla.opensuse.org/show_bug.cgi?id=1090000 Bug ID: 1090000 Summary: VUL-0: chromium: multiple vulnerabilities fixed in 66.0.3359.117 Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: astieger@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desk... CVE-2018-6085: Use after free in Disk Cache CVE-2018-6086: Use after free in Disk Cache CVE-2018-6087: Use after free in WebAssembly CVE-2018-6088: Use after free in PDFium CVE-2018-6089: Same origin policy bypass in Service Worker CVE-2018-6090: Heap buffer overflow in Skia CVE-2018-6091: Incorrect handling of plug-ins by Service Worker CVE-2018-6092: Integer overflow in WebAssembly CVE-2018-6093: Same origin bypass in Service Worker CVE-2018-6094: Exploit hardening regression in Oilpan CVE-2018-6095: Lack of meaningful user interaction requirement before file upload CVE-2018-6096: Fullscreen UI spoof CVE-2018-6097: Fullscreen UI spoof CVE-2018-6098: URL spoof in Omnibox CVE-2018-6099: CORS bypass in ServiceWorker CVE-2018-6100: URL spoof in Omnibox CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools CVE-2018-6102: URL spoof in Omnibox CVE-2018-6103: UI spoof in Permissions CVE-2018-6104: URL spoof in Omnibox CVE-2018-6105: URL spoof in Omnibox CVE-2018-6106: Incorrect handling of promises in V8 CVE-2018-6107: URL spoof in Omnibox CVE-2018-6108: URL spoof in Omnibox CVE-2018-6109: Incorrect handling of files by FileAPI CVE-2018-6110: Incorrect handling of plaintext files via file:// CVE-2018-6111: Heap-use-after-free in DevTools CVE-2018-6112: Incorrect URL handling in DevTools CVE-2018-6113: URL spoof in Navigation CVE-2018-6114: CSP bypass CVE-2018-6115: SmartScreen bypass in downloads CVE-2018-6116: Incorrect low memory handling in WebAssembly CVE-2018-6117: Confusing autofill settings Various fixes from internal audits, fuzzing and other initiatives Not for us: CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS -- You are receiving this mail because: You are on the CC list for the bug.