Bug 8161

Summary: [UPDATE REQUEST 2016.1] chromium-browser-stable CVE-2018-6037
Product: [ROSA-based products] ROSA Fresh Reporter: Алексей-З <a.zimin>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: andrey.bondrov, v.potapov, zombie.ryushu
Version: FreshFlags: v.potapov: qa_verified-
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Алексей-З 2017-07-21 19:59:57 MSK 
Обновился Хромиум.
Comment 1 Алексей-З 2017-07-21 21:21:24 MSK 
harfbuzz 1.4.7
https://abf.io/build_lists/2883310
https://abf.io/build_lists/2883311

chromium-browser-stable 59.0.3071.115
https://abf.io/build_lists/2883313
https://abf.io/build_lists/2883314
Comment 2 Алексей-З 2017-07-29 23:17:58 MSK 
Add Remove chromium-browser-install package

chromium-browser-stable 59.0.3071.115-2
https://abf.io/build_lists/2884552
https://abf.io/build_lists/2884553
Comment 3 Vladimir Potapov 2017-08-04 12:36:08 MSK 
The update is sent to expanded testing
*****************************************
Comment 4 Vladimir Potapov 2017-08-07 18:59:29 MSK 
harfbuzz-1.4.7-1
https://abf.io/build_lists/2883310
https://abf.io/build_lists/2883311

chromium-browser-stable-59.0.3071.115-2
https://abf.io/build_lists/2884552
https://abf.io/build_lists/2884553
************************** Advisory *********************
Add Remove chromium-browser-install package
up to 59.0.3071.115-2 with new harfbuzz
**********************************************************
QA Verified
Comment 5 Алексей-З 2017-08-10 03:32:55 MSK 
chromium-browser-stable 60.0.3112.90
https://abf.io/build_lists/2885808
https://abf.io/build_lists/2885809
Comment 6 Vladimir Potapov 2017-08-11 12:50:31 MSK 
The update is sent to expanded testing
**************************************
Comment 7 Vladimir Potapov 2017-08-16 08:20:48 MSK 
chromium-browser-stable-60.0.3112.90-1
https://abf.io/build_lists/2885808
https://abf.io/build_lists/2885809
***************************** Advisory **************************
Updated to 60.0.3112.90
*****************************************************************
QA Verified
Comment 8 Алексей-З 2017-08-26 19:58:27 MSK 
Updated 60.0.3112.101
https://abf.io/build_lists/2888552
https://abf.io/build_lists/2888554
Comment 9 Алексей-З 2017-08-29 01:56:47 MSK 
Updated Bookmarks
https://abf.io/build_lists/2889082
https://abf.io/build_lists/2889083
Comment 10 Vladimir Potapov 2017-09-07 18:44:58 MSK 
1) Не работает установка браузера по-умолчанию кнопкой, хотя спрашивает
2) Стартовая страница - не стандартная росная. Т.к. хромиум у нас бывает в образах, это неправильно
Comment 11 Алексей-З 2017-09-23 09:46:21 MSK 
Updated to 61.0.3163.91
https://abf.io/build_lists/2894932
https://abf.io/build_lists/2894933
Comment 12 Алексей-З 2017-09-25 15:31:46 MSK 
Updated to 61.0.3163.100
https://abf.io/build_lists/2895128
https://abf.io/build_lists/2895125
Comment 13 Vladimir Potapov 2017-09-29 16:32:37 MSK 
************************
QA Denied
Comment 14 Zombie Ryushu 2018-02-03 16:37:02 MSK 
Several vulnerabilities have been discovered in the chromium web browser.

    CVE-2017-15420

    Drew Springall discovered a URL spoofing issue.
    CVE-2017-15429

    A cross-site scripting issue was discovered in the v8 javascript library.
    CVE-2018-6031

    A use-after-free issue was discovered in the pdfium library.
    CVE-2018-6032

    Jun Kokatsu discovered a way to bypass the same origin policy.
    CVE-2018-6033

    Juho Nurminen discovered a race condition when opening downloaded files.
    CVE-2018-6034

    Tobias Klein discovered an integer overflow issue.
    CVE-2018-6035

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6036

    UK's National Cyber Security Centre discovered an integer overflow issue.
    CVE-2018-6037

    Paul Stone discovered an issue in the autofill feature.
    CVE-2018-6038

    cloudfuzzer discovered a buffer overflow issue.
    CVE-2018-6039

    Juho Nurminen discovered a cross-site scripting issue in the developer tools.
    CVE-2018-6040

    WenXu Wu discovered a way to bypass the content security policy.
    CVE-2018-6041

    Luan Herrera discovered a URL spoofing issue.
    CVE-2018-6042

    Khalil Zhani discovered a URL spoofing issue.
    CVE-2018-6043

    A character escaping issue was discovered.
    CVE-2018-6045

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6046

    Rob Wu discovered a way for extensions to access devtools.
    CVE-2018-6047

    Masato Kinugawa discovered an information leak issue.
    CVE-2018-6048

    Jun Kokatsu discovered a way to bypass the referrer policy.
    CVE-2018-6049

    WenXu Wu discovered a user interface spoofing issue.
    CVE-2018-6050

    Jonathan Kew discovered a URL spoofing issue.
    CVE-2018-6051

    Antonio Sanso discovered an information leak issue.
    CVE-2018-6052

    Tanner Emek discovered that the referrer policy implementation was incomplete.
    CVE-2018-6053

    Asset Kabdenov discovered an information leak issue.
    CVE-2018-6054

    Rob Wu discovered a use-after-free issue.
Comment 15 Zombie Ryushu 2018-02-27 03:54:14 MSK 
Presumed Fixed by Chromium 64. Will open another bug if more CVEs appear.