Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2018-6044: Important: chromium-browser security update (RHSA-2018:2282)

  • Severity: 4
  • CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
  • Published: 07/24/2018
  • Created: 03/19/2019
  • Added: 07/31/2018
  • Modified: 09/24/2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2018:2282:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 68.0.3440.75.

Security Fix(es):

  • chromium-browser: Stack buffer overflow in Skia (CVE-2018-6153)
  • chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6154)
  • chromium-browser: Use after free in WebRTC (CVE-2018-6155)
  • chromium-browser: Heap buffer overflow in WebRTC (CVE-2018-6156)
  • chromium-browser: Type confusion in WebRTC (CVE-2018-6157)
  • chromium-browser: Cross origin information disclosure in Service Workers (CVE-2018-6150)
  • chromium-browser: Bad cast in DevTools (CVE-2018-6151)
  • chromium-browser: Local file write in DevTools (CVE-2018-6152)
  • chromium-browser: Use after free in Blink (CVE-2018-6158)
  • chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6159)
  • chromium-browser: Same origin policy bypass in WebAudio (CVE-2018-6161)
  • chromium-browser: Heap buffer overflow in WebGL (CVE-2018-6162)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6163)
  • chromium-browser: Same origin policy bypass in ServiceWorker (CVE-2018-6164)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6165)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6166)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6167)
  • chromium-browser: CORS bypass in Blink (CVE-2018-6168)
  • chromium-browser: Permissions bypass in extension installation (CVE-2018-6169)
  • chromium-browser: Type confusion in PDFium (CVE-2018-6170)
  • chromium-browser: Use after free in WebBluetooth (CVE-2018-6171)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6172)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6173)
  • chromium-browser: Integer overflow in SwiftShader (CVE-2018-6174)
  • chromium-browser: URL spoof in Omnibox (CVE-2018-6175)
  • chromium-browser: Local user privilege escalation in Extensions (CVE-2018-6176)
  • chromium-browser: Cross origin information leak in Blink (CVE-2018-4117)
  • chromium-browser: Request privilege escalation in Extensions (CVE-2018-6044)
  • chromium-browser: Cross origin information leak in Blink (CVE-2018-6177)
  • chromium-browser: UI spoof in Extensions (CVE-2018-6178)
  • chromium-browser: Local file information leak in Extensions (CVE-2018-6179)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution(s)

  • redhat-upgrade-chromium-browser
  • redhat-upgrade-chromium-browser-debuginfo

References

  • redhat-upgrade-chromium-browser
  • redhat-upgrade-chromium-browser-debuginfo
