VuXML: chromium -- multiple vulnerabilities

VuXML ID	8e986b2b-1baa-11e8-a944-54ee754af08e
Discovery	2017-08-09
Entry	2018-02-27

Google Chrome Releases reports:

Several security fixes in this release, including:

[780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01

[787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20

[793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09

[784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12

[797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

[797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

[753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09

[774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12

[775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17

[778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26

[760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29

[773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12

[785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16

[797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

[798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31

[799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08

[763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08

[771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05

[774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13

[774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15

[441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11

[615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28

[758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23

[797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24

[source]

CVE Name	CVE-2017-15420
CVE Name	CVE-2018-6031
CVE Name	CVE-2018-6032
CVE Name	CVE-2018-6033
CVE Name	CVE-2018-6034
CVE Name	CVE-2018-6035
CVE Name	CVE-2018-6036
CVE Name	CVE-2018-6037
CVE Name	CVE-2018-6038
CVE Name	CVE-2018-6039
CVE Name	CVE-2018-6040
CVE Name	CVE-2018-6041
CVE Name	CVE-2018-6042
CVE Name	CVE-2018-6043
CVE Name	CVE-2018-6045
CVE Name	CVE-2018-6046
CVE Name	CVE-2018-6047
CVE Name	CVE-2018-6048
CVE Name	CVE-2018-6049
CVE Name	CVE-2018-6050
CVE Name	CVE-2018-6051
CVE Name	CVE-2018-6052
CVE Name	CVE-2018-6053
CVE Name	CVE-2018-6054
URL	https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html

chromium -- multiple vulnerabilities

Details

References