Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1042-1 Final 1 1 2018-04-20T16:34:42Z current 2018-04-20T16:34:42Z 2018-04-20T16:34:42Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for Chromium to version 66.0.3359.117 fixes the following issues: Security issues fixed (boo#1090000): - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use after free in PDFium - CVE-2018-6089: Same origin policy bypass in Service Worker - CVE-2018-6090: Heap buffer overflow in Skia - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker - CVE-2018-6092: Integer overflow in WebAssembly - CVE-2018-6093: Same origin bypass in Service Worker - CVE-2018-6094: Exploit hardening regression in Oilpan - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload - CVE-2018-6096: Fullscreen UI spoof - CVE-2018-6097: Fullscreen UI spoof - CVE-2018-6098: URL spoof in Omnibox - CVE-2018-6099: CORS bypass in ServiceWorker - CVE-2018-6100: URL spoof in Omnibox - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools - CVE-2018-6102: URL spoof in Omnibox - CVE-2018-6103: UI spoof in Permissions - CVE-2018-6104: URL spoof in Omnibox - CVE-2018-6105: URL spoof in Omnibox - CVE-2018-6106: Incorrect handling of promises in V8 - CVE-2018-6107: URL spoof in Omnibox - CVE-2018-6108: URL spoof in Omnibox - CVE-2018-6109: Incorrect handling of files by FileAPI - CVE-2018-6110: Incorrect handling of plaintext files via file:// - CVE-2018-6111: Heap-use-after-free in DevTools - CVE-2018-6112: Incorrect URL handling in DevTools - CVE-2018-6113: URL spoof in Navigation - CVE-2018-6114: CSP bypass - CVE-2018-6115: SmartScreen bypass in downloads - CVE-2018-6116: Incorrect low memory handling in WebAssembly - CVE-2018-6117: Confusing autofill settings - Various fixes from internal audits, fuzzing and other initiatives This update also supports mitigation against the Spectre vulnerabilities: 'Strict site isolation' is disabled for most users and can be turned on via: chrome://flags/#enable-site-per-process This feature is undergoing a small percentage trial. Out out of the trial is possible via: chrome://flags/#site-isolation-trial-opt-out The following other changes are included: - distrust certificates issued by Symantec before 2016-06-01 - add option to export saved passwords - Reduce videos that auto-play with sound - boo#1086199: Fix UI freezing when loading/scaling down large images This update also contains a number of upstream bug fixes and improvements. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html E-Mail link for openSUSE-SU-2018:1042-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 chromedriver-66.0.3359.117-152.1 chromium-66.0.3359.117-152.1 chromedriver-66.0.3359.117-152.1 as a component of openSUSE Leap 42.3 chromium-66.0.3359.117-152.1 as a component of openSUSE Leap 42.3 Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6085 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6085.html CVE-2018-6085 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6086 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6086.html CVE-2018-6086 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6087 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6087.html CVE-2018-6087 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2018-6088 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6088.html CVE-2018-6088 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. CVE-2018-6089 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6089.html CVE-2018-6089 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6090 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6090.html CVE-2018-6090 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6091 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6091.html CVE-2018-6091 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6092 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6092.html CVE-2018-6092 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6093 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6093.html CVE-2018-6093 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6094 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6094.html CVE-2018-6094 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. CVE-2018-6095 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6095.html CVE-2018-6095 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-6096 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6096.html CVE-2018-6096 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. CVE-2018-6097 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6097.html CVE-2018-6097 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6098 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6098.html CVE-2018-6098 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. CVE-2018-6099 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6099.html CVE-2018-6099 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6100 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6100.html CVE-2018-6100 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. CVE-2018-6101 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6101.html CVE-2018-6101 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-6102 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6102.html CVE-2018-6102 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. CVE-2018-6103 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6103.html CVE-2018-6103 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6104 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6104.html CVE-2018-6104 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6105 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6105.html CVE-2018-6105 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-6106 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6106.html CVE-2018-6106 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6107 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6107.html CVE-2018-6107 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. CVE-2018-6108 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6108.html CVE-2018-6108 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. CVE-2018-6109 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6109.html CVE-2018-6109 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. CVE-2018-6110 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6110.html CVE-2018-6110 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6111 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6111.html CVE-2018-6111 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2018-6112 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6112.html CVE-2018-6112 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2018-6113 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6113.html CVE-2018-6113 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2018-6114 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6114.html CVE-2018-6114 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. CVE-2018-6115 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6115.html CVE-2018-6115 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2018-6116 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6116.html CVE-2018-6116 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2018-6117 openSUSE Leap 42.3:chromedriver-66.0.3359.117-152.1 openSUSE Leap 42.3:chromium-66.0.3359.117-152.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00063.html https://www.suse.com/security/cve/CVE-2018-6117.html CVE-2018-6117 https://bugzilla.suse.com/1090000 SUSE Bug 1090000