Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-17481 (GCVE-0-2018-17481)
Vulnerability from cvelistv5 – Published: 2018-12-11 15:00 – Updated: 2024-08-05 10:47
VLAI?
EPSS
Summary
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2018/12/sta… | x_refsource_CONFIRM |
| https://www.debian.org/security/2019/dsa-4395 | vendor-advisoryx_refsource_DEBIAN |
| https://crbug.com/901654 | x_refsource_MISC |
| https://chromereleases.googleblog.com/2018/12/sta… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3803 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2018/dsa-4352 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/106084 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201908-18 | vendor-advisoryx_refsource_GENTOO |
Impacted products
Date Public ?
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4395",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/901654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "71.0.3578.98",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-17T20:06:09.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4395",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/901654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "71.0.3578.98"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4395",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"name": "https://crbug.com/901654",
"refsource": "MISC",
"url": "https://crbug.com/901654"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-17481",
"datePublished": "2018-12-11T15:00:00.000Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:04.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-17481",
"date": "2026-05-20",
"epss": "0.01652",
"percentile": "0.82236"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"71.0.3578.98\", \"matchCriteriaId\": \"F865110F-AA18-4F90-8146-FDED41F503FB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84596649-9CB0-44A7-A8EF-177E0D1640ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B985AFE9-69D3-4BF8-8BCB-18BFC5863BA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFEB3E58-B8D9-4A3E-8A11-215B4E7770B2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\"}, {\"lang\": \"es\", \"value\": \"El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permit\\u00eda que un atacante remoto pudiese explotar una corrupci\\u00f3n de memoria din\\u00e1mica (heap) mediante un archivo PDF manipulado.\"}]",
"id": "CVE-2018-17481",
"lastModified": "2024-11-21T03:54:30.877",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-12-11T16:29:00.700",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/106084\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3803\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/901654\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201908-18\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4352\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4395\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"http://www.securityfocus.com/bid/106084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3803\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/901654\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201908-18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-17481\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2018-12-11T16:29:00.700\",\"lastModified\":\"2024-11-21T03:54:30.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\"},{\"lang\":\"es\",\"value\":\"El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permit\u00eda que un atacante remoto pudiese explotar una corrupci\u00f3n de memoria din\u00e1mica (heap) mediante un archivo PDF manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"71.0.3578.98\",\"matchCriteriaId\":\"F865110F-AA18-4F90-8146-FDED41F503FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84596649-9CB0-44A7-A8EF-177E0D1640ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B985AFE9-69D3-4BF8-8BCB-18BFC5863BA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFEB3E58-B8D9-4A3E-8A11-215B4E7770B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106084\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3803\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/901654\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4352\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4395\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/106084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/901654\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201908-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2018-AVI-585
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome toutes versions ant\u00e9rieures \u00e0 71.0.3578.80",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18352"
},
{
"name": "CVE-2018-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18340"
},
{
"name": "CVE-2018-18359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18359"
},
{
"name": "CVE-2018-18341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18341"
},
{
"name": "CVE-2018-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18348"
},
{
"name": "CVE-2018-18346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18346"
},
{
"name": "CVE-2018-18357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18357"
},
{
"name": "CVE-2018-18347",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18347"
},
{
"name": "CVE-2018-17480",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17480"
},
{
"name": "CVE-2018-18338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18338"
},
{
"name": "CVE-2018-18349",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18349"
},
{
"name": "CVE-2018-18335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
},
{
"name": "CVE-2018-17481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
},
{
"name": "CVE-2018-18342",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18342"
},
{
"name": "CVE-2018-18351",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18351"
},
{
"name": "CVE-2018-18337",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18337"
},
{
"name": "CVE-2018-18358",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18358"
},
{
"name": "CVE-2018-18336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18336"
},
{
"name": "CVE-2018-18344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18344"
},
{
"name": "CVE-2018-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18339"
},
{
"name": "CVE-2018-18356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
},
{
"name": "CVE-2018-18355",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18355"
},
{
"name": "CVE-2018-18354",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18354"
},
{
"name": "CVE-2018-18343",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18343"
},
{
"name": "CVE-2018-18353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18353"
},
{
"name": "CVE-2018-18350",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18350"
},
{
"name": "CVE-2018-18345",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18345"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 4 d\u00e9cembre 2018",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2018-AVI-599
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 71.0.3578.98",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-17481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-599",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Google Chrome. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 12 d\u00e9cembre 2018",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2018-AVI-585
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome toutes versions ant\u00e9rieures \u00e0 71.0.3578.80",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18352",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18352"
},
{
"name": "CVE-2018-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18340"
},
{
"name": "CVE-2018-18359",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18359"
},
{
"name": "CVE-2018-18341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18341"
},
{
"name": "CVE-2018-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18348"
},
{
"name": "CVE-2018-18346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18346"
},
{
"name": "CVE-2018-18357",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18357"
},
{
"name": "CVE-2018-18347",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18347"
},
{
"name": "CVE-2018-17480",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17480"
},
{
"name": "CVE-2018-18338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18338"
},
{
"name": "CVE-2018-18349",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18349"
},
{
"name": "CVE-2018-18335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18335"
},
{
"name": "CVE-2018-17481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
},
{
"name": "CVE-2018-18342",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18342"
},
{
"name": "CVE-2018-18351",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18351"
},
{
"name": "CVE-2018-18337",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18337"
},
{
"name": "CVE-2018-18358",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18358"
},
{
"name": "CVE-2018-18336",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18336"
},
{
"name": "CVE-2018-18344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18344"
},
{
"name": "CVE-2018-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18339"
},
{
"name": "CVE-2018-18356",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18356"
},
{
"name": "CVE-2018-18355",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18355"
},
{
"name": "CVE-2018-18354",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18354"
},
{
"name": "CVE-2018-18343",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18343"
},
{
"name": "CVE-2018-18353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18353"
},
{
"name": "CVE-2018-18350",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18350"
},
{
"name": "CVE-2018-18345",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18345"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 4 d\u00e9cembre 2018",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2018-AVI-599
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Google Chrome. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 71.0.3578.98",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-17481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17481"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-599",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Google Chrome. Elle permet \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 12 d\u00e9cembre 2018",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
BDU:2018-01606
Vulnerability from fstec - Published: 05.12.2018
VLAI Severity ?
Title
Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость компонента PDFium браузера Google Chrome связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью специально сформированного PDF-файла
Severity ?
Vendor
Novell Inc., Google Inc, ООО «РусБИТех-Астра»
Software Name
OpenSUSE Leap, Google Chrome, Astra Linux Special Edition (запись в едином реестре российских программ №369)
Software Version
42.3 (OpenSUSE Leap), до 71.0.3578.80 (Google Chrome), 1.6 «Смоленск» (Astra Linux Special Edition), 15.0 (OpenSUSE Leap)
Possible Mitigations
Для Google Chrome:
Обновление программного обеспечения до 71.0.3578.80 или более поздней версии
Для OpenSUSE:
https://www.suse.com/security/cve/CVE-2018-17481/
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
Reference
https://www.securitylab.ru/vulnerability/496829.php
https://www.cybersecurity-help.cz/vdb/SB2018120506?affChecked=1
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Google Inc, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "42.3 (OpenSUSE Leap), \u0434\u043e 71.0.3578.80 (Google Chrome), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.0 (OpenSUSE Leap)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Google Chrome:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 71.0.3578.80 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f OpenSUSE:\nhttps://www.suse.com/security/cve/CVE-2018-17481/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.12.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01606",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-17481",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, Google Chrome, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 42.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.0 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 PDFium \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 PDFium \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e PDF-\u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/vulnerability/496829.php\n\nhttps://www.cybersecurity-help.cz/vdb/SB2018120506?affChecked=1\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2019-01591
Vulnerability from cnvd - Published: 2019-01-11
VLAI Severity ?
Title
Google Chrome PDFium内存错误引用漏洞(CNVD-2019-01591)
Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。PDFium是其中的一个开源PDF渲染引擎。
Google Chrome 71.0.3578.80之前版本中的PDFium存在内存错误引用漏洞。远程攻击者可借助特制的PDF文件利用该漏洞造成堆损坏。
Severity
中
Patch Name
Google Chrome PDFium内存错误引用漏洞(CNVD-2019-01591)的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。PDFium是其中的一个开源PDF渲染引擎。
Google Chrome 71.0.3578.80之前版本中的PDFium存在内存错误引用漏洞。远程攻击者可借助特制的PDF文件利用该漏洞造成堆损坏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://chromereleases.googleblog.com/
Reference
https://chromereleases.googleblog.com/
https://www.securityfocus.com/bid/106084
Impacted products
| Name | Google Chrome <71.0.3578.80 |
|---|
{
"cves": {
"cve": [
{
"cveNumber": "CVE-2018-17481",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481"
},
{
"cveNumber": "106084"
}
]
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002PDFium\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90PDF\u6e32\u67d3\u5f15\u64ce\u3002\n\nGoogle Chrome 71.0.3578.80\u4e4b\u524d\u7248\u672c\u4e2d\u7684PDFium\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PDF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5806\u635f\u574f\u3002",
"discovererName": "Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup, Anonymous, Huyna at Viettel Cyber Security, cloudfuzzer, Zhe Jin,Luyao Liu from Chengdu Security Response Center of Qihoo 360 Technology, Tran Tien Hung (@hungtt28) of Viettel Cyber Security, Jann Horn of",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://chromereleases.googleblog.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-01591",
"openTime": "2019-01-11",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002PDFium\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90PDF\u6e32\u67d3\u5f15\u64ce\u3002\r\n\r\nGoogle Chrome 71.0.3578.80\u4e4b\u524d\u7248\u672c\u4e2d\u7684PDFium\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684PDF\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome PDFium\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2019-01591\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c71.0.3578.80"
},
"referenceLink": "https://chromereleases.googleblog.com/\r\nhttps://www.securityfocus.com/bid/106084",
"serverity": "\u4e2d",
"submitTime": "2018-12-06",
"title": "Google Chrome PDFium\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2019-01591\uff09"
}
FKIE_CVE-2018-17481
Vulnerability from fkie_nvd - Published: 2018-12-11 16:29 - Updated: 2024-11-21 03:54
Severity ?
Summary
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| redhat | linux_desktop | 6.0 | |
| redhat | linux_server | 6.0 | |
| redhat | linux_workstation | 6.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F865110F-AA18-4F90-8146-FDED41F503FB",
"versionEndExcluding": "71.0.3578.98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84596649-9CB0-44A7-A8EF-177E0D1640ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B985AFE9-69D3-4BF8-8BCB-18BFC5863BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFEB3E58-B8D9-4A3E-8A11-215B4E7770B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
},
{
"lang": "es",
"value": "El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permit\u00eda que un atacante remoto pudiese explotar una corrupci\u00f3n de memoria din\u00e1mica (heap) mediante un archivo PDF manipulado."
}
],
"id": "CVE-2018-17481",
"lastModified": "2024-11-21T03:54:30.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-11T16:29:00.700",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/901654"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/901654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4395"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4753-34XG-V688
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI?
Details
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-17481"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-11T16:29:00Z",
"severity": "HIGH"
},
"details": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"id": "GHSA-4753-34xg-v688",
"modified": "2022-05-13T01:19:27Z",
"published": "2022-05-13T01:19:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17481"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"type": "WEB",
"url": "https://crbug.com/901654"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106084"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-17481
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-17481",
"description": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"id": "GSD-2018-17481",
"references": [
"https://www.suse.com/security/cve/CVE-2018-17481.html",
"https://www.debian.org/security/2019/dsa-4395",
"https://www.debian.org/security/2018/dsa-4352",
"https://access.redhat.com/errata/RHSA-2018:3803",
"https://security.archlinux.org/CVE-2018-17481"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-17481"
],
"details": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"id": "GSD-2018-17481",
"modified": "2023-12-13T01:22:31.527237Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "71.0.3578.98"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4395",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"name": "https://crbug.com/901654",
"refsource": "MISC",
"url": "https://crbug.com/901654"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "71.0.3578.98",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17481"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/901654",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/901654"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "106084",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106084"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
},
{
"name": "DSA-4395",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2018-12-11T16:29Z"
}
}
}
OPENSUSE-SU-2018:4143-1
Vulnerability from csaf_opensuse - Published: 2018-12-15 09:27 - Updated: 2018-12-15 09:27Summary
Security update for Chromium
Severity
Important
Notes
Title of the patch: Security update for Chromium
Description of the patch: This update to Chromium 71.0.3578.98 fixes the following issues:
Security issues fixed (boo#1118529):
- CVE-2018-17480: Out of bounds write in V8
- CVE-2018-17481: Use after frees in PDFium
- CVE-2018-18335: Heap buffer overflow in Skia
- CVE-2018-18336: Use after free in PDFium
- CVE-2018-18337: Use after free in Blink
- CVE-2018-18338: Heap buffer overflow in Canvas
- CVE-2018-18339: Use after free in WebAudio
- CVE-2018-18340: Use after free in MediaRecorder
- CVE-2018-18341: Heap buffer overflow in Blink
- CVE-2018-18342: Out of bounds write in V8
- CVE-2018-18343: Use after free in Skia
- CVE-2018-18344: Inappropriate implementation in Extensions
- Multiple issues in SQLite via WebSQL
- CVE-2018-18345: Inappropriate implementation in Site Isolation
- CVE-2018-18346: Incorrect security UI in Blink
- CVE-2018-18347: Inappropriate implementation in Navigation
- CVE-2018-18348: Inappropriate implementation in Omnibox
- CVE-2018-18349: Insufficient policy enforcement in Blink
- CVE-2018-18350: Insufficient policy enforcement in Blink
- CVE-2018-18351: Insufficient policy enforcement in Navigation
- CVE-2018-18352: Inappropriate implementation in Media
- CVE-2018-18353: Inappropriate implementation in Network Authentication
- CVE-2018-18354: Insufficient data validation in Shell Integration
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- CVE-2018-18356: Use after free in Skia
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- CVE-2018-18358: Insufficient policy enforcement in Proxy
- CVE-2018-18359: Out of bounds read in V8
- Inappropriate implementation in PDFium
- Use after free in Extensions
- Inappropriate implementation in Navigation
- Insufficient policy enforcement in Navigation
- Insufficient policy enforcement in URL Formatter
- Various fixes from internal audits, fuzzing and other initiatives
- CVE-2018-17481: Use after free in PDFium (boo#1119364)
The following changes are included:
- advertisements posing as error messages are now blocked
- Automatic playing of content at page load mostly disabled
- New JavaScript API for relative time display
Patchnames: openSUSE-2018-1558
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
115 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Chromium 71.0.3578.98 fixes the following issues:\n\nSecurity issues fixed (boo#1118529):\n\n- CVE-2018-17480: Out of bounds write in V8\n- CVE-2018-17481: Use after frees in PDFium\n- CVE-2018-18335: Heap buffer overflow in Skia\n- CVE-2018-18336: Use after free in PDFium\n- CVE-2018-18337: Use after free in Blink\n- CVE-2018-18338: Heap buffer overflow in Canvas\n- CVE-2018-18339: Use after free in WebAudio\n- CVE-2018-18340: Use after free in MediaRecorder\n- CVE-2018-18341: Heap buffer overflow in Blink\n- CVE-2018-18342: Out of bounds write in V8\n- CVE-2018-18343: Use after free in Skia\n- CVE-2018-18344: Inappropriate implementation in Extensions\n- Multiple issues in SQLite via WebSQL\n- CVE-2018-18345: Inappropriate implementation in Site Isolation\n- CVE-2018-18346: Incorrect security UI in Blink\n- CVE-2018-18347: Inappropriate implementation in Navigation\n- CVE-2018-18348: Inappropriate implementation in Omnibox\n- CVE-2018-18349: Insufficient policy enforcement in Blink\n- CVE-2018-18350: Insufficient policy enforcement in Blink\n- CVE-2018-18351: Insufficient policy enforcement in Navigation\n- CVE-2018-18352: Inappropriate implementation in Media\n- CVE-2018-18353: Inappropriate implementation in Network Authentication\n- CVE-2018-18354: Insufficient data validation in Shell Integration\n- CVE-2018-18355: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18356: Use after free in Skia\n- CVE-2018-18357: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18358: Insufficient policy enforcement in Proxy\n- CVE-2018-18359: Out of bounds read in V8\n- Inappropriate implementation in PDFium\n- Use after free in Extensions\n- Inappropriate implementation in Navigation\n- Insufficient policy enforcement in Navigation\n- Insufficient policy enforcement in URL Formatter\n- Various fixes from internal audits, fuzzing and other initiatives\n- CVE-2018-17481: Use after free in PDFium (boo#1119364)\n\nThe following changes are included:\n\n- advertisements posing as error messages are now blocked\n- Automatic playing of content at page load mostly disabled\n- New JavaScript API for relative time display\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_4143-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "SUSE Bug 1118529",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "self",
"summary": "SUSE Bug 1119364",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17480 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17481 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18336 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18337 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18338 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18339 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18340 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18341 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18342 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18343 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18344 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18345 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18346 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18347 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18348 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18359/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2018-12-15T09:27:33Z",
"generator": {
"date": "2018-12-15T09:27:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:4143-1",
"initial_release_date": "2018-12-15T09:27:33Z",
"revision_history": [
{
"date": "2018-12-15T09:27:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product_id": "chromedriver-71.0.3578.98-80.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product_id": "chromium-71.0.3578.98-80.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromedriver-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromium-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17480"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17480",
"url": "https://www.suse.com/security/cve/CVE-2018-17480"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-17480"
},
{
"cve": "CVE-2018-17481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17481"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17481",
"url": "https://www.suse.com/security/cve/CVE-2018-17481"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1119364 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-17481"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18336"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18336",
"url": "https://www.suse.com/security/cve/CVE-2018-18336"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18336"
},
{
"cve": "CVE-2018-18337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18337"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18337",
"url": "https://www.suse.com/security/cve/CVE-2018-18337"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18337"
},
{
"cve": "CVE-2018-18338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18338"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18338",
"url": "https://www.suse.com/security/cve/CVE-2018-18338"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18338"
},
{
"cve": "CVE-2018-18339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18339"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18339",
"url": "https://www.suse.com/security/cve/CVE-2018-18339"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18339"
},
{
"cve": "CVE-2018-18340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18340"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18340",
"url": "https://www.suse.com/security/cve/CVE-2018-18340"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18340"
},
{
"cve": "CVE-2018-18341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18341"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18341",
"url": "https://www.suse.com/security/cve/CVE-2018-18341"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18341"
},
{
"cve": "CVE-2018-18342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18342"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18342",
"url": "https://www.suse.com/security/cve/CVE-2018-18342"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18342",
"url": "https://bugzilla.suse.com/1118529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18342"
},
{
"cve": "CVE-2018-18343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18343"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18343",
"url": "https://www.suse.com/security/cve/CVE-2018-18343"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18343"
},
{
"cve": "CVE-2018-18344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18344"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18344",
"url": "https://www.suse.com/security/cve/CVE-2018-18344"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18344"
},
{
"cve": "CVE-2018-18345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18345"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18345",
"url": "https://www.suse.com/security/cve/CVE-2018-18345"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18345"
},
{
"cve": "CVE-2018-18346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18346"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18346",
"url": "https://www.suse.com/security/cve/CVE-2018-18346"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18346"
},
{
"cve": "CVE-2018-18347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18347"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18347",
"url": "https://www.suse.com/security/cve/CVE-2018-18347"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18347"
},
{
"cve": "CVE-2018-18348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18348"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18348",
"url": "https://www.suse.com/security/cve/CVE-2018-18348"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18348"
},
{
"cve": "CVE-2018-18349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18349"
}
],
"notes": [
{
"category": "general",
"text": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18349",
"url": "https://www.suse.com/security/cve/CVE-2018-18349"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18349"
},
{
"cve": "CVE-2018-18350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18350"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18350",
"url": "https://www.suse.com/security/cve/CVE-2018-18350"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18350"
},
{
"cve": "CVE-2018-18351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18351"
}
],
"notes": [
{
"category": "general",
"text": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18351",
"url": "https://www.suse.com/security/cve/CVE-2018-18351"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18351"
},
{
"cve": "CVE-2018-18352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18352"
}
],
"notes": [
{
"category": "general",
"text": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18352",
"url": "https://www.suse.com/security/cve/CVE-2018-18352"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18352"
},
{
"cve": "CVE-2018-18353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18353"
}
],
"notes": [
{
"category": "general",
"text": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18353",
"url": "https://www.suse.com/security/cve/CVE-2018-18353"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18353"
},
{
"cve": "CVE-2018-18354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18354"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18354",
"url": "https://www.suse.com/security/cve/CVE-2018-18354"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18354"
},
{
"cve": "CVE-2018-18355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18355"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18355",
"url": "https://www.suse.com/security/cve/CVE-2018-18355"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18355"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18357"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18357",
"url": "https://www.suse.com/security/cve/CVE-2018-18357"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18357"
},
{
"cve": "CVE-2018-18358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18358"
}
],
"notes": [
{
"category": "general",
"text": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18358",
"url": "https://www.suse.com/security/cve/CVE-2018-18358"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18358"
},
{
"cve": "CVE-2018-18359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18359"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18359",
"url": "https://www.suse.com/security/cve/CVE-2018-18359"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "important"
}
],
"title": "CVE-2018-18359"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…