Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0185
Chrome Stable Channel Update for Desktop 68.0.3440.75
25 July 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Google Chrome
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-6179 CVE-2018-6178 CVE-2018-6177
CVE-2018-6176 CVE-2018-6175 CVE-2018-6174
CVE-2018-6173 CVE-2018-6172 CVE-2018-6171
CVE-2018-6170 CVE-2018-6169 CVE-2018-6168
CVE-2018-6167 CVE-2018-6166 CVE-2018-6165
CVE-2018-6164 CVE-2018-6163 CVE-2018-6162
CVE-2018-6161 CVE-2018-6160 CVE-2018-6159
CVE-2018-6158 CVE-2018-6157 CVE-2018-6156
CVE-2018-6155 CVE-2018-6154 CVE-2018-6153
CVE-2018-6044 CVE-2018-4117
Member content until: Friday, August 24 2018
Reference: ESB-2018.1327
ESB-2018.0970
ESB-2018.0964
ESB-2018.0963
OVERVIEW
Multiple vulnerabilities have been addressed in Google Chrome for
Windows, Mac and Linux version 68.0.3440.75 [1]
IMPACT
The vendor has provided the following summary:
"[$5000][850350] High CVE-2018-6153: Stack buffer overflow in Skia.
Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07
[$3000][848914] High CVE-2018-6154: Heap buffer overflow in WebGL.
Reported by Omair on 2018-06-01
[$N/A][842265] High CVE-2018-6155: Use after free in WebRTC.
Reported by Natalie Silvanovich of Google Project Zero on 2018-05-11
[$N/A][841962] High CVE-2018-6156: Heap buffer overflow in WebRTC.
Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10
[$N/A][840536] High CVE-2018-6157: Type confusion in WebRTC.
Reported by Natalie Silvanovich of Google Project Zero on 2018-05-07
[$2000][841280] Medium CVE-2018-6158: Use after free in Blink.
Reported by Zhe Jin & Luyao Liu from Chengdu Security Response
Center of Qihoo 360 Technology Co. Ltd on 2018-05-09
[$2000][837275] Medium CVE-2018-6159: Same origin policy bypass in
ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-04-26
[$1000][839822] Medium CVE-2018-6160: URL spoof in Chrome on iOS.
Reported by evi1m0 of Bilibili Security Team on 2018-05-04
[$1000][826552] Medium CVE-2018-6161: Same origin policy bypass in
WebAudio. Reported by Jun Kokatsu (@shhnjk) on 2018-03-27
[$1000][804123] Medium CVE-2018-6162: Heap buffer overflow in WebGL.
Reported by Omair on 2018-01-21
[$500][849398] Medium CVE-2018-6163: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-06-04
[$500][848786] Medium CVE-2018-6164: Same origin policy bypass in
ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-06-01
[$500][847718] Medium CVE-2018-6165: URL spoof in Omnibox. Reported
by evi1m0 of Bilibili Security Team on 2018-05-30
[$500][835554] Medium CVE-2018-6166: URL spoof in Omnibox. Reported
by Lnyas Zhang on 2018-04-21
[$500][833143] Medium CVE-2018-6167: URL spoof in Omnibox. Reported
by Lnyas Zhang on 2018-04-15
[$500][828265] Medium CVE-2018-6168: CORS bypass in Blink. Reported
by Gunes Acar and Danny Y. Huang of Princeton University, Frank Li
of UC Berkeley on 2018-04-03
[$500][394518] Medium CVE-2018-6169: Permissions bypass in extension
installation . Reported by Sam P on 2014-07-16
[$TBD][862059] Medium CVE-2018-6170: Type confusion in PDFium.
Reported by Anonymous on 2018-07-10
[$TBD][851799] Medium CVE-2018-6171: Use after free in WebBluetooth.
Reported by amazon@mimetics.ca on 2018-06-12
[$TBD][847242] Medium CVE-2018-6172: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-05-28
[$TBD][836885] Medium CVE-2018-6173: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-04-25
[$N/A][835299] Medium CVE-2018-6174: Integer overflow in
SwiftShader. Reported by Mark Brand of Google Project Zero on
2018-04-20
[$TBD][826019] Medium CVE-2018-6175: URL spoof in Omnibox. Reported
by Khalil Zhani on 2018-03-26
[$N/A][666824] Medium CVE-2018-6176: Local user privilege escalation
in Extensions. Reported by Jann Horn of Google Project Zero on
2016-11-18
[$500][826187] Low CVE-2018-6177: Cross origin information leak in
Blink. Reported by Ron Masas (Imperva) on 2018-03-27
[$500][823194] Low CVE-2018-6178: UI spoof in Extensions. Reported
by Khalil Zhani on 2018-03-19
[$500][816685] Low CVE-2018-6179: Local file information leak in
Extensions. Reported by Anonymous on 2018-02-26
[$500][797461] Low CVE-2018-6044: Request privilege escalation in
Extensions . Reported by Rob Wu on 2017-12-23
[$500][791324] Low CVE-2018-4117: Cross origin information leak in
Blink. Reported by AhsanEjaz - @AhsanEjazA on 2017-12-03" [1]
MITIGATION
The vendor advises updating to Chrome 68.0.3440.75 to address these
issues. [1]
REFERENCES
[1] Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW1f542aOgq3Tt24GAQgwVw//ejgDkibHPQ7DMn+XKY9qvfMQhWyV+aia
444IE82Ke1BkpegCxO8wBBxMthxCIkACzW3uiJUkURVAXc7/kzhd/UJ2QI5n6pvP
FFsO+Q0T+yfOYGYqalfQnBEV5rWRLi11QQkXjZfhftGXr7e6R+I0V1JShWQROzXA
JGguhvBETkbTZeErRAMxPZpeG4sEyp+imSHOzlV3JHlEs7LHUqaZDtnvGGJCMC9+
65bdLm9S/T8mcG5wMr5N1Ry3rI7rvWp4/JO+ljcBRnFe7Cu4/GsZIov1/xU+y34r
UozkhEb9t0hMsuN4bRShN/VBYay9a5mup5r9VP+eEi4sC2C6Bdahuotz8K1cslGm
RQD6NVBnQOme4qwVMbsmw/qXIQB0XkZTMmZdTo5VORMg9U7dua66XxOVAWgpObI5
RMhQBIbeH8rI+Shu1AnTg9J5fwsMVDSUkvSlqj+g8LdhhueHJN17iz4pQ1jtq4Nb
Ljp1W/tqmUSJnLaUsE8/92qpEZUVqNz2P0vPqDN5dcbh4mvXcWFR20LpZCzXutaU
sFupM2nN6TD8+Szo/AqQ93bnqOYTvK9nTj3eZxPHLQlY4++MwAvnedNQjnAT8trH
ge8anHm6638XcMym1YG1/Xkk1hSK1fj4s4LX8XRxdmcHPdHKyo/vawIF2RY69vHr
TjuteWZrEss=
=Qg4k
-----END PGP SIGNATURE-----