Debian Chromium vulnerabilities

CVE-2018-18342 [HIGH] CVE-2018-18342: chromium - Execution of user supplied Javascript during object deserialization can update o... Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1

CVE-2018-18339 [HIGH] CVE-2018-18339: chromium - Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 al... Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie: resolv

CVE-2018-18337 [HIGH] CVE-2018-18337: chromium - Incorrect handling of stylesheets leading to a use after free in Blink in Google... Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed i

CVE-2018-18336 [HIGH] CVE-2018-18336: chromium - Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allo... Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie: resolved

CVE-2018-18343 [HIGH] CVE-2018-18343: chromium - Incorrect handing of paths leading to a use after free in Skia in Google Chrome ... Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3

CVE-2018-18338 [HIGH] CVE-2018-18338: chromium - Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0... Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) tri

CVE-2018-18347 [HIGH] CVE-2018-18347: chromium - Incorrect handling of failed navigations with invalid URLs in Navigation in Goog... Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.

CVE-2018-20065 [HIGH] CVE-2018-20065: chromium - Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed ... Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.

CVE-2018-18335 [HIGH] CVE-2018-18335: chromium - Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a re... Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie: resolved (fixed

CVE-2018-18356 [HIGH] CVE-2018-18356: chromium - An integer overflow in path handling lead to a use after free in Skia in Google ... An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in

CVE-2018-18354 [HIGH] CVE-2018-18354: chromium - Insufficient validate of external protocols in Shell Integration in Google Chrom... Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0

CVE-2018-17481 [HIGH] CVE-2018-17481: chromium - Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.357... Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie:

CVE-2018-18341 [HIGH] CVE-2018-18341: chromium - An integer overflow leading to a heap buffer overflow in Blink in Google Chrome ... An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3

CVE-2018-17480 [HIGH] CVE-2018-17480: chromium - Execution of user supplied Javascript during array deserialization leading to an... Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed i

CVE-2018-20066 [HIGH] CVE-2018-20066: chromium - Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 ... Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie: reso

CVE-2018-18340 [HIGH] CVE-2018-18340: chromium - Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.... Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie: r

CVE-2018-18359 [HIGH] CVE-2018-18359: chromium - Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.357... Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: resolved (fixed in 71.0.3578.80-1) trixie

CVE-2018-20346 [HIGH] CVE-2018-20346: chromium - SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer ... SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. Scope: loc

CVE-2018-20072 [HIGH] CVE-2018-20072: chromium - Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allow... Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in

CVE-2018-18352 [MEDIUM] CVE-2018-18352: chromium - Service works could inappropriately gain access to cross origin audio in Media i... Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. Scope: local bookworm: resolved (fixed in 71.0.3578.80-1) bullseye: resolved (fixed in 71.0.3578.80-1) forky: resolved (fixed in 71.0.3578.80-1) sid: