CVE-2018-1195
Published 2018-03-19
Priority P351 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.99% (58.2th percentile)
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudfoundry | capi-release | < 1.46.0 | 1.46.0 |
| cloudfoundry | cf-deployment | < 1.3.0 | 1.3.0 |
| cloudfoundry | cf-release | < 283 | 283 |
| dell_emc | cloud_controller | — | — |
| dell_emc | cloud_controller | — | — |
| dell_emc | cloud_controller | — | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-13153 ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c
bugzilla·2018-07-05·CVSS 6.5
CVE-2018-13153 [MEDIUM] CVE-2018-13153 ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c
A flaw was found in ImageMagick 7.0.8-4: there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
References:
https://github.com/ImageMagick/ImageMagick/issues/1195
Upstream Patch:
https://github.com/ImageMagick/ImageMagick/commit/4ab4849d667e26df0e63ece9d63ae23bc7ab0fa1
https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1598472]
---
A memory leak is present in magick/animate.c:XMagickCommand, where the memory for an array of strings, named `filelist`, is allocated but not correctly released in case the function ExpandFilenames return an er
Bugzilla
CVE-2018-6103 chromium-browser: UI spoof in Permissions
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6103 [MEDIUM] CVE-2018-6103 chromium-browser: UI spoof in Permissions
A UI spoof flaw was found in the Permissions component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=816033
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6100 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6100 [MEDIUM] CVE-2018-6100 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=811117
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6097 chromium-browser: Fullscreen UI spoof
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6097 [MEDIUM] CVE-2018-6097 chromium-browser: Fullscreen UI spoof
The following flaw was identified in the Chromium browser: Fullscreen UI spoof.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=806162
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6092 [HIGH] CVE-2018-6092 chromium-browser: Integer overflow in WebAssembly
An integer overflow flaw was found in the WebAssembly component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=819869
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6094 [HIGH] CVE-2018-6094 chromium-browser: Exploit hardening regression in Oilpan
An exploit hardening regression flaw was found in the Oilpan component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=633030
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging protocol in DevTools
bugzilla·2018-04-18·CVSS 7.5
CVE-2018-6101 [HIGH] CVE-2018-6101 chromium-browser: Insufficient protection of remote debugging protocol in DevTools
An insufficient protection of remote debugging protocol flaw was found in the DevTools component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=813540
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6104 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6104 [MEDIUM] CVE-2018-6104 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=820068
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6108 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6108 [MEDIUM] CVE-2018-6108 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=816769
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6098 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6098 [MEDIUM] CVE-2018-6098 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=798892
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6088 chromium-browser: Use after free in PDFium
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6088 [HIGH] CVE-2018-6088 chromium-browser: Use after free in PDFium
A use-after-free flaw was found in the PDFium component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=822091
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6095 [MEDIUM] CVE-2018-6095 chromium-browser: Lack of meaningful user interaction requirement before file upload
The following flaw was identified in the Chromium browser: Lack of meaningful user interaction requirement before file upload.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=637098
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6116 [MEDIUM] CVE-2018-6116 chromium-browser: Incorrect low memory handling in WebAssembly
An incorrect low memory handling flaw was found in the WebAssembly component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=822266
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6114 chromium-browser: CSP bypass
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6114 [MEDIUM] CVE-2018-6114 chromium-browser: CSP bypass
The following flaw was identified in the Chromium browser: CSP bypass.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=811691
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6105 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6105 [MEDIUM] CVE-2018-6105 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=803571
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6086 chromium-browser: Use after free in Disk Cache
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6086 [HIGH] CVE-2018-6086 chromium-browser: Use after free in Disk Cache
A use-after-free flaw was found in the Disk Cache component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=827492
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6099 [MEDIUM] CVE-2018-6099 chromium-browser: CORS bypass in ServiceWorker
A CORS bypass flaw was found in the ServiceWorker component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=808825
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6093 [MEDIUM] CVE-2018-6093 chromium-browser: Same origin bypass in Service Worker
A same origin bypass flaw was found in the Service Worker component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=780435
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools
bugzilla·2018-04-18·CVSS 4.3
CVE-2018-6112 [MEDIUM] CVE-2018-6112 chromium-browser: Incorrect URL handling in DevTools
An incorrect URL handling flaw was found in the DevTools component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=798096
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6087 chromium-browser: Use after free in WebAssembly
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6087 [HIGH] CVE-2018-6087 chromium-browser: Use after free in WebAssembly
A use-after-free flaw was found in the WebAssembly component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=813876
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6107 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6107 [MEDIUM] CVE-2018-6107 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=808316
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6106 [HIGH] CVE-2018-6106 chromium-browser: Incorrect handling of promises in V8
An incorrect handling of promises flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=805729
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6113 chromium-browser: URL spoof in Navigation
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6113 [MEDIUM] CVE-2018-6113 chromium-browser: URL spoof in Navigation
A URL spoof flaw was found in the Navigation component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=805900
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6089 [MEDIUM] CVE-2018-6089 chromium-browser: Same origin policy bypass in Service Worker
A same origin policy bypass flaw was found in the Service Worker component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=808838
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://
bugzilla·2018-04-18·CVSS 5.4
CVE-2018-6110 [MEDIUM] CVE-2018-6110 chromium-browser: Incorrect handling of plaintext files via file://
The following flaw was identified in the Chromium browser: Incorrect handling of plaintext files via file://.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=777737
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6091 [MEDIUM] CVE-2018-6091 chromium-browser: Incorrect handling of plug-ins by Service Worker
The following flaw was identified in the Chromium browser: Incorrect handling of plug-ins by Service Worker.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=771933
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6117 chromium-browser: Confusing autofill settings
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6117 [MEDIUM] CVE-2018-6117 chromium-browser: Confusing autofill settings
The following flaw was identified in the Chromium browser: Confusing autofill settings.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=822465
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6090 [HIGH] CVE-2018-6090 chromium-browser: Heap buffer overflow in Skia
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=820913
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6111 [HIGH] CVE-2018-6111 chromium-browser: Heap-use-after-free in DevTools
A heap-use-after-free flaw was found in the DevTools component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=780694
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6096 chromium-browser: Fullscreen UI spoof
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6096 [MEDIUM] CVE-2018-6096 chromium-browser: Fullscreen UI spoof
The following flaw was identified in the Chromium browser: Fullscreen UI spoof.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=776418
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI
bugzilla·2018-04-18·CVSS 6.5
CVE-2018-6109 [MEDIUM] CVE-2018-6109 chromium-browser: Incorrect handling of files by FileAPI
The following flaw was identified in the Chromium browser: Incorrect handling of files by FileAPI.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=710190
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6085 chromium-browser: Use after free in Disk Cache
bugzilla·2018-04-18·CVSS 8.8
CVE-2018-6085 [HIGH] CVE-2018-6085 chromium-browser: Use after free in Disk Cache
A use-after-free flaw was found in the Disk Cache component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=826626
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195
Bugzilla
CVE-2018-6102 chromium-browser: URL spoof in Omnibox
bugzilla·2018-04-18·CVSS 4.3
CVE-2018-6102 [MEDIUM] CVE-2018-6102 chromium-browser: URL spoof in Omnibox
A URL spoof flaw was found in the Omnibox component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=813814
External References:
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1568801]
Affects: epel-7 [bug 1568800]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:1195 https://access.redhat.com/errata/RHSA-2018:1195