{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"71.0.3578.98-80.1","chromium":"71.0.3578.98-80.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"71.0.3578.98-80.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update to Chromium 71.0.3578.98 fixes the following issues:\n\nSecurity issues fixed (boo#1118529):\n\n- CVE-2018-17480: Out of bounds write in V8\n- CVE-2018-17481: Use after frees in PDFium\n- CVE-2018-18335: Heap buffer overflow in Skia\n- CVE-2018-18336: Use after free in PDFium\n- CVE-2018-18337: Use after free in Blink\n- CVE-2018-18338: Heap buffer overflow in Canvas\n- CVE-2018-18339: Use after free in WebAudio\n- CVE-2018-18340: Use after free in MediaRecorder\n- CVE-2018-18341: Heap buffer overflow in Blink\n- CVE-2018-18342: Out of bounds write in V8\n- CVE-2018-18343: Use after free in Skia\n- CVE-2018-18344: Inappropriate implementation in Extensions\n- Multiple issues in SQLite via WebSQL\n- CVE-2018-18345: Inappropriate implementation in Site Isolation\n- CVE-2018-18346: Incorrect security UI in Blink\n- CVE-2018-18347: Inappropriate implementation in Navigation\n- CVE-2018-18348: Inappropriate implementation in Omnibox\n- CVE-2018-18349: Insufficient policy enforcement in Blink\n- CVE-2018-18350: Insufficient policy enforcement in Blink\n- CVE-2018-18351: Insufficient policy enforcement in Navigation\n- CVE-2018-18352: Inappropriate implementation in Media\n- CVE-2018-18353: Inappropriate implementation in Network Authentication\n- CVE-2018-18354: Insufficient data validation in Shell Integration\n- CVE-2018-18355: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18356: Use after free in Skia\n- CVE-2018-18357: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18358: Insufficient policy enforcement in Proxy\n- CVE-2018-18359: Out of bounds read in V8\n- Inappropriate implementation in PDFium\n- Use after free in Extensions\n- Inappropriate implementation in Navigation\n- Insufficient policy enforcement in Navigation\n- Insufficient policy enforcement in URL Formatter\n- Various fixes from internal audits, fuzzing and other initiatives\n- CVE-2018-17481: Use after free in PDFium (boo#1119364)\n\nThe following changes are included:\n\n- advertisements posing as error messages are now blocked\n- Automatic playing of content at page load mostly disabled\n- New JavaScript API for relative time display\n","id":"openSUSE-SU-2018:4143-1","modified":"2018-12-15T09:27:33Z","published":"2018-12-15T09:27:33Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118529"},{"type":"REPORT","url":"https://bugzilla.suse.com/1119364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18336"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18337"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18339"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18340"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18341"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18342"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18343"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18344"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18345"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18346"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18347"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18348"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18349"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18350"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18351"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18352"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18353"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18354"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18355"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18357"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18358"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18359"}],"related":["CVE-2018-17480","CVE-2018-17481","CVE-2018-18335","CVE-2018-18336","CVE-2018-18337","CVE-2018-18338","CVE-2018-18339","CVE-2018-18340","CVE-2018-18341","CVE-2018-18342","CVE-2018-18343","CVE-2018-18344","CVE-2018-18345","CVE-2018-18346","CVE-2018-18347","CVE-2018-18348","CVE-2018-18349","CVE-2018-18350","CVE-2018-18351","CVE-2018-18352","CVE-2018-18353","CVE-2018-18354","CVE-2018-18355","CVE-2018-18356","CVE-2018-18357","CVE-2018-18358","CVE-2018-18359"],"summary":"Security update for Chromium","upstream":["CVE-2018-17480","CVE-2018-17481","CVE-2018-18335","CVE-2018-18336","CVE-2018-18337","CVE-2018-18338","CVE-2018-18339","CVE-2018-18340","CVE-2018-18341","CVE-2018-18342","CVE-2018-18343","CVE-2018-18344","CVE-2018-18345","CVE-2018-18346","CVE-2018-18347","CVE-2018-18348","CVE-2018-18349","CVE-2018-18350","CVE-2018-18351","CVE-2018-18352","CVE-2018-18353","CVE-2018-18354","CVE-2018-18355","CVE-2018-18356","CVE-2018-18357","CVE-2018-18358","CVE-2018-18359"]}