VuXML: chromium -- multiple vulnerabilities

VuXML ID	546d4dd4-10ea-11e9-b407-080027ef1a23
Discovery	2018-12-04
Entry	2019-01-05

Google Chrome Releases reports:

43 security fixes in this release, including:

High CVE-2018-17480: Out of bounds write in V8

High CVE-2018-17481: Use after free in PDFium

High CVE-2018-18335: Heap buffer overflow in Skia

High CVE-2018-18336: Use after free in PDFium

High CVE-2018-18337: Use after free in Blink

High CVE-2018-18338: Heap buffer overflow in Canvas

High CVE-2018-18339: Use after free in WebAudio

High CVE-2018-18340: Use after free in MediaRecorder

High CVE-2018-18341: Heap buffer overflow in Blink

High CVE-2018-18342: Out of bounds write in V8

High CVE-2018-18343: Use after free in Skia

High CVE-2018-18344: Inappropriate implementation in Extensions

High To be allocated: Multiple issues in SQLite via WebSQL

Medium CVE-2018-18345: Inappropriate implementation in Site Isolation

Medium CVE-2018-18346: Incorrect security UI in Blink

Medium CVE-2018-18347: Inappropriate implementation in Navigation

Medium CVE-2018-18348: Inappropriate implementation in Omnibox

Medium CVE-2018-18349: Insufficient policy enforcement in Blink

Medium CVE-2018-18350: Insufficient policy enforcement in Blink

Medium CVE-2018-18351: Insufficient policy enforcement in Navigation

Medium CVE-2018-18352: Inappropriate implementation in Media

Medium CVE-2018-18353: Inappropriate implementation in Network Authentication

Medium CVE-2018-18354: Insufficient data validation in Shell Integration

Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter

Medium CVE-2018-18356: Use after free in Skia

Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter

Medium CVE-2018-18358: Insufficient policy enforcement in Proxy

Medium CVE-2018-18359: Out of bounds read in V8

Low To be allocated: Inappropriate implementation in PDFium

Low To be allocated: Use after free in Extensions

Low To be allocated: Inappropriate implementation in Navigation

Low To be allocated: Inappropriate implementation in Navigation

Low To be allocated: Insufficient policy enforcement in Navigation

Low To be allocated: Insufficient policy enforcement in URL Formatter

Medium To be allocated: Insufficient policy enforcement in Payments

Various fixes from internal audits, fuzzing and other initiatives

[source]

chromium -- multiple vulnerabilities

Details

References

CVE Name	CVE-2018-17480
CVE Name	CVE-2018-17481
CVE Name	CVE-2018-18335
CVE Name	CVE-2018-18336
CVE Name	CVE-2018-18337
CVE Name	CVE-2018-18338
CVE Name	CVE-2018-18339
CVE Name	CVE-2018-18340
CVE Name	CVE-2018-18341
CVE Name	CVE-2018-18342
CVE Name	CVE-2018-18343
CVE Name	CVE-2018-18344
CVE Name	CVE-2018-18345
CVE Name	CVE-2018-18346
CVE Name	CVE-2018-18347
CVE Name	CVE-2018-18348
CVE Name	CVE-2018-18349
CVE Name	CVE-2018-18350
CVE Name	CVE-2018-18351
CVE Name	CVE-2018-18352
CVE Name	CVE-2018-18353
CVE Name	CVE-2018-18354
CVE Name	CVE-2018-18355
CVE Name	CVE-2018-18356
CVE Name	CVE-2018-18357
CVE Name	CVE-2018-18358
CVE Name	CVE-2018-18359
URL	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html