-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2791
                     chromium-browser security update
                             19 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           chromium-browser
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Linux variants
                   Windows
                   Mac OS
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Reduced Security               -- Unknown/Unspecified         
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4297

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running chromium-browser check for an updated version of the 
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4297-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
September 19, 2018                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : chromium-browser

Two vulnerabilities have been discovered in the chromium web browser.
Kevin Cheung discovered an error in the WebAssembly implementation and
evil1m0 discovered a URL spoofing issue.

For the stable distribution (stretch), this problem has been fixed in
version 69.0.3497.92-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium-browser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAluh2gQACgkQuNayzQLW
9HPdHR/7BN5RFf2Z1pB+we2Xaxz3TSzVKT1iSjAM1Hh3npM8Bgiy5um6lzHnddP9
vUYuaO9HXuWgYKoRO2i73RjCisxdf5OsgexFPQAUHFe/ocCGIqxVZpQRHkDhWxdK
EUfr331ibgUfDXzOxQSJ6tBfAW66rhixrARR1g/b3eQN4SdOZo0W/VpT7PaG0L3/
Ljpo+ifxQ0Kgh31LeAKuFCnkyfMGOjy7ZWzdTc2OHK0Yqr9gi4/boErercyFrIGb
Y4EhVxIVpePxfzUfNuCc21YKcnyeXcD4ocd61OdcrXMTswrCLJ/euvp8w4f85Irg
bxdpAeb7KRZn3OnH5nA4jF2zRYjuPkb46+SJieCkfB+JYCF59Krpgyd4JqJ1vEWX
bAPcd0RR/6JzLTofEcY+/qkX6sYPoFSctTlexzLLzoFK336rFYRrGk02VM6vtK11
depXtFqt3aGQb+gBv78rkmncRGFLYGYgrUJWuC311uuYFHNPhCR7syKFqtNQOro/
7v0hr0CcExqVIBSRzHEhr3lYELjUr+xFOYc6Ca8qPK/2yodHClGjPB1l7xD4OtNa
TSe0xmQMVqZLLXDpdmkY3jH+3bS8fHcUHc5dDmsCz5R0850HRUAqNp0Qkyb8cyME
4Oy33m0GzgYvG/1rd8KajKJjBRg45vz+68Ax9UIz1DU7q2guCy1tZGnsr4vZZyOR
24NgYUVZj882hjIcQjzQ/KweBdN+pZGv+otdh2dyusyLbFKeptO8UXgEeRigYYP2
J/lgIuC/AvV3vdHqfSV+KmXYRtI9BV3TcPjG6SSUuV6sdtXq1BPfAU6dmemhQqac
CtEFsWmtfNjC5SkS6fV1q5cpKQrQFlhdrFlizl4nKqvBMupiG1RODOC7Dbqw8U68
tR1Z8KqfsoNgowREfdiPysQSmCySYMDTXwIKpFpoWRjG+HQ0BNi14167POEygk3z
KwIBjq3CeuqnnkXLpkiZiTdkQv883FNFTuz96YXHnMYZ2oxUJOyt1UvDpPUExopA
G1U4uAxFnU6mvGj88m83QW9EOLCoTYTBpobJoMO+RAXW8rGR3/oso+bIdsJe/8lJ
lBf3AtU8wROielWPjF6WSBQt81iQyS33xy6XnV89RhLIVGg9fJ4etZcVud0tmVgs
Nv1AGlhAc9lepQkelNP7b0lweKSpCgqhwp6Pdshp9QnTS86iyL5VSmtW3FjKge90
11C/n5adTSaPSRMqS7x/UQX9hpYhr0i2Pf6lnLqrZObCVs21gqMfxKqY2Q73MWU7
173oMqjH/AOweQ7sm0NyV4fCodXTVeA2pkv++rBplN0ENeClY+RxY+mvP51mfkG/
MqWrr3fyREQljdoBx1PA3UpTdFI7uQ==
=oXdP
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW6HkS2aOgq3Tt24GAQjC+w/7BPrB9dv9lNnLhknFstBOzf6oR5gwf0tt
BiXeLewi1UeqAhFATw3di8bOHp4J86c3oZzXNAzmPqlpNpubpic8WdyVSzVy/eXs
icQ843k4NlRjc3KsJ6u0WwGDKbr49mhzTc5EpmcZVmH4KhIJE5b3NxJhtz3nO50h
X8gx6SPksOEZamZmK5EOQwRnRxwFKCk+oahi5HFF/JtLafQdVx2SPv/K12Muuav0
2vpXGM08lv8X2ui4duMgg7nMnpso7M0mpk2PZnuD4DoYFViboMcxryqzVwr5J1Bw
FnF5HQKJo+MVKd7AD7gNYjEIeOhnL05r2U8z3EOqI1kA7S4yaYMmW6o6KdHq/HCd
KZ1+nK/9i+SWtJx3TkwfyZ77Ryl3R4CyMZWZcurCRNq8CBC/Vfx3Aski1QkzKm0Q
JRrrckCtciraV0qdlJ9fqjlIvj6GQKGAWtoEcYuOIMEtKQAjJVMJqXOc6IAX+koJ
NI3D32vyZ7q77z56meEIrmFlYKzR7wHObJS0lLp0gxi6AqlsvaJe7aUQLbEpO1TA
x9MPp35pGTFquxq53Vc0O4Ba2/+cI4xnf70Nlvrkj6aaLZpUAq6b1A4jdiPgcVLW
+sF0+MQHgCrDyhVO463Bk2JLKcCwn6FhhA5tE/y7df2XZ6vNPH+a6PLl9FD0qXwJ
Xs1YJqyyYqk=
=DpU8
-----END PGP SIGNATURE-----