opensuse-su-2018:1175-1
Vulnerability from csaf_opensuse
Published
2018-05-27 11:26
Modified
2018-05-27 11:26
Summary
Security update for Chromium
Notes
Title of the patch
Security update for Chromium
Description of the patch
This update for Chromium to version 66.0.3359.181 fixes the following issues:
- CVE-2018-6118: Use after free in Media Cache (bsc#1091288)
- CVE-2018-6085: Use after free in Disk Cache
- CVE-2018-6086: Use after free in Disk Cache
- CVE-2018-6087: Use after free in WebAssembly
- CVE-2018-6088: Use after free in PDFium
- CVE-2018-6089: Same origin policy bypass in Service Worker
- CVE-2018-6090: Heap buffer overflow in Skia
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- CVE-2018-6092: Integer overflow in WebAssembly
- CVE-2018-6093: Same origin bypass in Service Worker
- CVE-2018-6094: Exploit hardening regression in Oilpan
- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- CVE-2018-6096: Fullscreen UI spoof
- CVE-2018-6097: Fullscreen UI spoof
- CVE-2018-6098: URL spoof in Omnibox
- CVE-2018-6099: CORS bypass in ServiceWorker
- CVE-2018-6100: URL spoof in Omnibox
- CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
- CVE-2018-6102: URL spoof in Omnibox
- CVE-2018-6103: UI spoof in Permissions
- CVE-2018-6104: URL spoof in Omnibox
- CVE-2018-6105: URL spoof in Omnibox
- CVE-2018-6106: Incorrect handling of promises in V8
- CVE-2018-6107: URL spoof in Omnibox
- CVE-2018-6108: URL spoof in Omnibox
- CVE-2018-6109: Incorrect handling of files by FileAPI
- CVE-2018-6110: Incorrect handling of plaintext files via file://
- CVE-2018-6111: Heap-use-after-free in DevTools
- CVE-2018-6112: Incorrect URL handling in DevTools
- CVE-2018-6113: URL spoof in Navigation
- CVE-2018-6114: CSP bypass
- CVE-2018-6115: SmartScreen bypass in downloads
- CVE-2018-6116: Incorrect low memory handling in WebAssembly
- CVE-2018-6117: Confusing autofill settings
- CVE-2017-11215: Use after free in Flash
- CVE-2017-11225: Use after free in Flash
- CVE-2018-6060: Use after free in Blink
- CVE-2018-6061: Race condition in V8
- CVE-2018-6062: Heap buffer overflow in Skia
- CVE-2018-6057: Incorrect permissions on shared memory
- CVE-2018-6063: Incorrect permissions on shared memory
- CVE-2018-6064: Type confusion in V8
- CVE-2018-6065: Integer overflow in V8
- CVE-2018-6066: Same Origin Bypass via canvas
- CVE-2018-6067: Buffer overflow in Skia
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- CVE-2018-6069: Stack buffer overflow in Skia
- CVE-2018-6070: CSP bypass through extensions
- CVE-2018-6071: Heap bufffer overflow in Skia
- CVE-2018-6072: Integer overflow in PDFium
- CVE-2018-6073: Heap bufffer overflow in WebGL
- CVE-2018-6074: Mark-of-the-Web bypass
- CVE-2018-6075: Overly permissive cross origin downloads
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- CVE-2018-6077: Timing attack using SVG filters
- CVE-2018-6078: URL Spoof in OmniBox
- CVE-2018-6079: Information disclosure via texture data in WebGL
- CVE-2018-6080: Information disclosure in IPC call
- CVE-2018-6081: XSS in interstitials
- CVE-2018-6082: Circumvention of port blocking
- CVE-2018-6083: Incorrect processing of AppManifests
- CVE-2018-6121: Privilege Escalation in extensions
- CVE-2018-6122: Type confusion in V8
- CVE-2018-6120: Heap buffer overflow in PDFium
- bsc#1086124: Various fixes from internal audits, fuzzing and other initiatives
This update also supports mitigation against the Spectre vulnerabilities:
'Strict site isolation' is disabled for most users and can be turned on via:
chrome://flags/#enable-site-per-process
This feature is undergoing a small percentage trial. Out out of the trial is possible via:
chrome://flags/#site-isolation-trial-opt-out
The following tracked packaging bug were fixed:
- Chromium could not be installed from SUSE PackageHub 12 without having the SDK enabled (bsc#1070421)
- Chromium could not be installed when libminizip1 was not available (bsc#1093031)
Patchnames
openSUSE-2018-436
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for Chromium to version 66.0.3359.181 fixes the following issues:\n\n- CVE-2018-6118: Use after free in Media Cache (bsc#1091288)\n- CVE-2018-6085: Use after free in Disk Cache\n- CVE-2018-6086: Use after free in Disk Cache\n- CVE-2018-6087: Use after free in WebAssembly\n- CVE-2018-6088: Use after free in PDFium\n- CVE-2018-6089: Same origin policy bypass in Service Worker\n- CVE-2018-6090: Heap buffer overflow in Skia\n- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker\n- CVE-2018-6092: Integer overflow in WebAssembly\n- CVE-2018-6093: Same origin bypass in Service Worker\n- CVE-2018-6094: Exploit hardening regression in Oilpan\n- CVE-2018-6095: Lack of meaningful user interaction requirement before file upload\n- CVE-2018-6096: Fullscreen UI spoof\n- CVE-2018-6097: Fullscreen UI spoof\n- CVE-2018-6098: URL spoof in Omnibox\n- CVE-2018-6099: CORS bypass in ServiceWorker\n- CVE-2018-6100: URL spoof in Omnibox\n- CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools \n- CVE-2018-6102: URL spoof in Omnibox\n- CVE-2018-6103: UI spoof in Permissions\n- CVE-2018-6104: URL spoof in Omnibox\n- CVE-2018-6105: URL spoof in Omnibox\n- CVE-2018-6106: Incorrect handling of promises in V8\n- CVE-2018-6107: URL spoof in Omnibox\n- CVE-2018-6108: URL spoof in Omnibox\n- CVE-2018-6109: Incorrect handling of files by FileAPI\n- CVE-2018-6110: Incorrect handling of plaintext files via file:// \n- CVE-2018-6111: Heap-use-after-free in DevTools\n- CVE-2018-6112: Incorrect URL handling in DevTools\n- CVE-2018-6113: URL spoof in Navigation\n- CVE-2018-6114: CSP bypass\n- CVE-2018-6115: SmartScreen bypass in downloads\n- CVE-2018-6116: Incorrect low memory handling in WebAssembly\n- CVE-2018-6117: Confusing autofill settings\n- CVE-2017-11215: Use after free in Flash\n- CVE-2017-11225: Use after free in Flash\n- CVE-2018-6060: Use after free in Blink\n- CVE-2018-6061: Race condition in V8\n- CVE-2018-6062: Heap buffer overflow in Skia\n- CVE-2018-6057: Incorrect permissions on shared memory\n- CVE-2018-6063: Incorrect permissions on shared memory\n- CVE-2018-6064: Type confusion in V8\n- CVE-2018-6065: Integer overflow in V8\n- CVE-2018-6066: Same Origin Bypass via canvas\n- CVE-2018-6067: Buffer overflow in Skia\n- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab\n- CVE-2018-6069: Stack buffer overflow in Skia\n- CVE-2018-6070: CSP bypass through extensions\n- CVE-2018-6071: Heap bufffer overflow in Skia\n- CVE-2018-6072: Integer overflow in PDFium\n- CVE-2018-6073: Heap bufffer overflow in WebGL\n- CVE-2018-6074: Mark-of-the-Web bypass\n- CVE-2018-6075: Overly permissive cross origin downloads\n- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink\n- CVE-2018-6077: Timing attack using SVG filters\n- CVE-2018-6078: URL Spoof in OmniBox\n- CVE-2018-6079: Information disclosure via texture data in WebGL\n- CVE-2018-6080: Information disclosure in IPC call\n- CVE-2018-6081: XSS in interstitials\n- CVE-2018-6082: Circumvention of port blocking\n- CVE-2018-6083: Incorrect processing of AppManifests\n- CVE-2018-6121: Privilege Escalation in extensions\n- CVE-2018-6122: Type confusion in V8\n- CVE-2018-6120: Heap buffer overflow in PDFium \n- bsc#1086124: Various fixes from internal audits, fuzzing and other initiatives\n\nThis update also supports mitigation against the Spectre vulnerabilities:\n\n\u0027Strict site isolation\u0027 is disabled for most users and can be turned on via:\nchrome://flags/#enable-site-per-process\n\nThis feature is undergoing a small percentage trial. Out out of the trial is possible via:\nchrome://flags/#site-isolation-trial-opt-out\n\n \nThe following tracked packaging bug were fixed:\n\n- Chromium could not be installed from SUSE PackageHub 12 without having the SDK enabled (bsc#1070421)\n- Chromium could not be installed when libminizip1 was not available (bsc#1093031)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_1175-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:1175-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IDH7ZAFKSWX2J7H7ULZFAVM7KUQXQHZZ/#IDH7ZAFKSWX2J7H7ULZFAVM7KUQXQHZZ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:1175-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IDH7ZAFKSWX2J7H7ULZFAVM7KUQXQHZZ/#IDH7ZAFKSWX2J7H7ULZFAVM7KUQXQHZZ"
},
{
"category": "self",
"summary": "SUSE Bug 1084296",
"url": "https://bugzilla.suse.com/1084296"
},
{
"category": "self",
"summary": "SUSE Bug 1086124",
"url": "https://bugzilla.suse.com/1086124"
},
{
"category": "self",
"summary": "SUSE Bug 1090000",
"url": "https://bugzilla.suse.com/1090000"
},
{
"category": "self",
"summary": "SUSE Bug 1091288",
"url": "https://bugzilla.suse.com/1091288"
},
{
"category": "self",
"summary": "SUSE Bug 1092272",
"url": "https://bugzilla.suse.com/1092272"
},
{
"category": "self",
"summary": "SUSE Bug 1092923",
"url": "https://bugzilla.suse.com/1092923"
},
{
"category": "self",
"summary": "SUSE Bug 1093031",
"url": "https://bugzilla.suse.com/1093031"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11215 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11225 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6057 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6061 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6062 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6063 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6064 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6065 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6066 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6067 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6068 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6069 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6070 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6070/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6071 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6072 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6073 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6074 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6075 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6075/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6076 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6077 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6078 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6079 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6080 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6081 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6081/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6082 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6083 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6085 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6086 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6087 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6088 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6090 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6091 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6092 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6093 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6094 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6095 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6096 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6097 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6098 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6099 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6100 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6101 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6102 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6103 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6105 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6106 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6107 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6108 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6109 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6110 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6111 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6112 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6113 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6114 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6115 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6116 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6117 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6118 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6120 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6121 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6122/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2018-05-27T11:26:33Z",
"generator": {
"date": "2018-05-27T11:26:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:1175-1",
"initial_release_date": "2018-05-27T11:26:33Z",
"revision_history": [
{
"date": "2018-05-27T11:26:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-66.0.3359.181-55.1.aarch64",
"product": {
"name": "chromedriver-66.0.3359.181-55.1.aarch64",
"product_id": "chromedriver-66.0.3359.181-55.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-66.0.3359.181-55.1.aarch64",
"product": {
"name": "chromium-66.0.3359.181-55.1.aarch64",
"product_id": "chromium-66.0.3359.181-55.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-66.0.3359.181-55.1.x86_64",
"product": {
"name": "chromedriver-66.0.3359.181-55.1.x86_64",
"product_id": "chromedriver-66.0.3359.181-55.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-66.0.3359.181-55.1.x86_64",
"product": {
"name": "chromium-66.0.3359.181-55.1.x86_64",
"product_id": "chromium-66.0.3359.181-55.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-66.0.3359.181-55.1.aarch64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64"
},
"product_reference": "chromedriver-66.0.3359.181-55.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-66.0.3359.181-55.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64"
},
"product_reference": "chromedriver-66.0.3359.181-55.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-66.0.3359.181-55.1.aarch64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64"
},
"product_reference": "chromium-66.0.3359.181-55.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-66.0.3359.181-55.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
},
"product_reference": "chromium-66.0.3359.181-55.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-11215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11215"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11215",
"url": "https://www.suse.com/security/cve/CVE-2017-11215"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2017-11215",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "critical"
}
],
"title": "CVE-2017-11215"
},
{
"cve": "CVE-2017-11225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11225"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11225",
"url": "https://www.suse.com/security/cve/CVE-2017-11225"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2017-11225",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "critical"
}
],
"title": "CVE-2017-11225"
},
{
"cve": "CVE-2018-6057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6057"
}
],
"notes": [
{
"category": "general",
"text": "Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6057",
"url": "https://www.suse.com/security/cve/CVE-2018-6057"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6057",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6057"
},
{
"cve": "CVE-2018-6060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6060"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6060",
"url": "https://www.suse.com/security/cve/CVE-2018-6060"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6060",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6060"
},
{
"cve": "CVE-2018-6061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6061"
}
],
"notes": [
{
"category": "general",
"text": "A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6061",
"url": "https://www.suse.com/security/cve/CVE-2018-6061"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6061",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6061"
},
{
"cve": "CVE-2018-6062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6062"
}
],
"notes": [
{
"category": "general",
"text": "Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6062",
"url": "https://www.suse.com/security/cve/CVE-2018-6062"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6062",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6062"
},
{
"cve": "CVE-2018-6063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6063"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6063",
"url": "https://www.suse.com/security/cve/CVE-2018-6063"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6063",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6063"
},
{
"cve": "CVE-2018-6064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6064"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6064",
"url": "https://www.suse.com/security/cve/CVE-2018-6064"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6064",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6064"
},
{
"cve": "CVE-2018-6065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6065"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6065",
"url": "https://www.suse.com/security/cve/CVE-2018-6065"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6065",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6065"
},
{
"cve": "CVE-2018-6066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6066"
}
],
"notes": [
{
"category": "general",
"text": "Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6066",
"url": "https://www.suse.com/security/cve/CVE-2018-6066"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6066",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6066"
},
{
"cve": "CVE-2018-6067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6067"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6067",
"url": "https://www.suse.com/security/cve/CVE-2018-6067"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6067",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6067"
},
{
"cve": "CVE-2018-6068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6068"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6068",
"url": "https://www.suse.com/security/cve/CVE-2018-6068"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6068",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6068"
},
{
"cve": "CVE-2018-6069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6069"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6069",
"url": "https://www.suse.com/security/cve/CVE-2018-6069"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6069",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6069"
},
{
"cve": "CVE-2018-6070",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6070"
}
],
"notes": [
{
"category": "general",
"text": "Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6070",
"url": "https://www.suse.com/security/cve/CVE-2018-6070"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6070",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6070"
},
{
"cve": "CVE-2018-6071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6071"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6071",
"url": "https://www.suse.com/security/cve/CVE-2018-6071"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6071",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6071"
},
{
"cve": "CVE-2018-6072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6072"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6072",
"url": "https://www.suse.com/security/cve/CVE-2018-6072"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6072",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6072"
},
{
"cve": "CVE-2018-6073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6073"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6073",
"url": "https://www.suse.com/security/cve/CVE-2018-6073"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6073",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6073"
},
{
"cve": "CVE-2018-6074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6074"
}
],
"notes": [
{
"category": "general",
"text": "Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6074",
"url": "https://www.suse.com/security/cve/CVE-2018-6074"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6074",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6074"
},
{
"cve": "CVE-2018-6075",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6075"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6075",
"url": "https://www.suse.com/security/cve/CVE-2018-6075"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6075",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6075"
},
{
"cve": "CVE-2018-6076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6076"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6076",
"url": "https://www.suse.com/security/cve/CVE-2018-6076"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6076",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6076"
},
{
"cve": "CVE-2018-6077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6077"
}
],
"notes": [
{
"category": "general",
"text": "Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6077",
"url": "https://www.suse.com/security/cve/CVE-2018-6077"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6077",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6077"
},
{
"cve": "CVE-2018-6078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6078"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6078",
"url": "https://www.suse.com/security/cve/CVE-2018-6078"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6078",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6078"
},
{
"cve": "CVE-2018-6079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6079"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6079",
"url": "https://www.suse.com/security/cve/CVE-2018-6079"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6079",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6079"
},
{
"cve": "CVE-2018-6080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6080"
}
],
"notes": [
{
"category": "general",
"text": "Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6080",
"url": "https://www.suse.com/security/cve/CVE-2018-6080"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6080",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6080"
},
{
"cve": "CVE-2018-6081",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6081"
}
],
"notes": [
{
"category": "general",
"text": "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6081",
"url": "https://www.suse.com/security/cve/CVE-2018-6081"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6081",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6081"
},
{
"cve": "CVE-2018-6082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6082"
}
],
"notes": [
{
"category": "general",
"text": "Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6082",
"url": "https://www.suse.com/security/cve/CVE-2018-6082"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6082",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6082"
},
{
"cve": "CVE-2018-6083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6083"
}
],
"notes": [
{
"category": "general",
"text": "Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6083",
"url": "https://www.suse.com/security/cve/CVE-2018-6083"
},
{
"category": "external",
"summary": "SUSE Bug 1084296 for CVE-2018-6083",
"url": "https://bugzilla.suse.com/1084296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6083"
},
{
"cve": "CVE-2018-6085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6085"
}
],
"notes": [
{
"category": "general",
"text": "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6085",
"url": "https://www.suse.com/security/cve/CVE-2018-6085"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6085",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6085"
},
{
"cve": "CVE-2018-6086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6086"
}
],
"notes": [
{
"category": "general",
"text": "A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6086",
"url": "https://www.suse.com/security/cve/CVE-2018-6086"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6086",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6086"
},
{
"cve": "CVE-2018-6087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6087"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6087",
"url": "https://www.suse.com/security/cve/CVE-2018-6087"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6087",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6087"
},
{
"cve": "CVE-2018-6088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6088"
}
],
"notes": [
{
"category": "general",
"text": "An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6088",
"url": "https://www.suse.com/security/cve/CVE-2018-6088"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6088",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6088"
},
{
"cve": "CVE-2018-6089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6089"
}
],
"notes": [
{
"category": "general",
"text": "A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6089",
"url": "https://www.suse.com/security/cve/CVE-2018-6089"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6089",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6089"
},
{
"cve": "CVE-2018-6090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6090"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6090",
"url": "https://www.suse.com/security/cve/CVE-2018-6090"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6090",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6090"
},
{
"cve": "CVE-2018-6091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6091"
}
],
"notes": [
{
"category": "general",
"text": "Service Workers can intercept any request made by an \u003cembed\u003e or \u003cobject\u003e tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6091",
"url": "https://www.suse.com/security/cve/CVE-2018-6091"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6091",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6091"
},
{
"cve": "CVE-2018-6092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6092"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6092",
"url": "https://www.suse.com/security/cve/CVE-2018-6092"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6092",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6092"
},
{
"cve": "CVE-2018-6093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6093"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6093",
"url": "https://www.suse.com/security/cve/CVE-2018-6093"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6093",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6093"
},
{
"cve": "CVE-2018-6094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6094"
}
],
"notes": [
{
"category": "general",
"text": "Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6094",
"url": "https://www.suse.com/security/cve/CVE-2018-6094"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6094",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6094"
},
{
"cve": "CVE-2018-6095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6095"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6095",
"url": "https://www.suse.com/security/cve/CVE-2018-6095"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6095",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6095"
},
{
"cve": "CVE-2018-6096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6096"
}
],
"notes": [
{
"category": "general",
"text": "A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6096",
"url": "https://www.suse.com/security/cve/CVE-2018-6096"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6096",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6096"
},
{
"cve": "CVE-2018-6097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6097"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6097",
"url": "https://www.suse.com/security/cve/CVE-2018-6097"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6097",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6097"
},
{
"cve": "CVE-2018-6098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6098"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6098",
"url": "https://www.suse.com/security/cve/CVE-2018-6098"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6098",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6098"
},
{
"cve": "CVE-2018-6099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6099"
}
],
"notes": [
{
"category": "general",
"text": "A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6099",
"url": "https://www.suse.com/security/cve/CVE-2018-6099"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6099",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6099"
},
{
"cve": "CVE-2018-6100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6100"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6100",
"url": "https://www.suse.com/security/cve/CVE-2018-6100"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6100",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6100"
},
{
"cve": "CVE-2018-6101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6101"
}
],
"notes": [
{
"category": "general",
"text": "A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6101",
"url": "https://www.suse.com/security/cve/CVE-2018-6101"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6101",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6101"
},
{
"cve": "CVE-2018-6102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6102"
}
],
"notes": [
{
"category": "general",
"text": "Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6102",
"url": "https://www.suse.com/security/cve/CVE-2018-6102"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6102",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6102"
},
{
"cve": "CVE-2018-6103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6103"
}
],
"notes": [
{
"category": "general",
"text": "A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6103",
"url": "https://www.suse.com/security/cve/CVE-2018-6103"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6103",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6103"
},
{
"cve": "CVE-2018-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6104"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6104",
"url": "https://www.suse.com/security/cve/CVE-2018-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6104",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6104"
},
{
"cve": "CVE-2018-6105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6105"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6105",
"url": "https://www.suse.com/security/cve/CVE-2018-6105"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6105",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6105"
},
{
"cve": "CVE-2018-6106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6106"
}
],
"notes": [
{
"category": "general",
"text": "An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6106",
"url": "https://www.suse.com/security/cve/CVE-2018-6106"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6106",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6106"
},
{
"cve": "CVE-2018-6107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6107"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6107",
"url": "https://www.suse.com/security/cve/CVE-2018-6107"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6107",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6107"
},
{
"cve": "CVE-2018-6108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6108"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6108",
"url": "https://www.suse.com/security/cve/CVE-2018-6108"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6108",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6108"
},
{
"cve": "CVE-2018-6109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6109"
}
],
"notes": [
{
"category": "general",
"text": "readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6109",
"url": "https://www.suse.com/security/cve/CVE-2018-6109"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6109",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6109"
},
{
"cve": "CVE-2018-6110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6110"
}
],
"notes": [
{
"category": "general",
"text": "Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6110",
"url": "https://www.suse.com/security/cve/CVE-2018-6110"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6110",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6110"
},
{
"cve": "CVE-2018-6111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6111"
}
],
"notes": [
{
"category": "general",
"text": "An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6111",
"url": "https://www.suse.com/security/cve/CVE-2018-6111"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6111",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6111"
},
{
"cve": "CVE-2018-6112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6112"
}
],
"notes": [
{
"category": "general",
"text": "Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6112",
"url": "https://www.suse.com/security/cve/CVE-2018-6112"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6112",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6112"
},
{
"cve": "CVE-2018-6113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6113"
}
],
"notes": [
{
"category": "general",
"text": "Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6113",
"url": "https://www.suse.com/security/cve/CVE-2018-6113"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6113",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6113"
},
{
"cve": "CVE-2018-6114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6114"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect enforcement of CSP for \u003cobject\u003e tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6114",
"url": "https://www.suse.com/security/cve/CVE-2018-6114"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6114",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6114"
},
{
"cve": "CVE-2018-6115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6115"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6115",
"url": "https://www.suse.com/security/cve/CVE-2018-6115"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6115",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6115"
},
{
"cve": "CVE-2018-6116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6116"
}
],
"notes": [
{
"category": "general",
"text": "A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6116",
"url": "https://www.suse.com/security/cve/CVE-2018-6116"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6116",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6116"
},
{
"cve": "CVE-2018-6117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6117"
}
],
"notes": [
{
"category": "general",
"text": "Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6117",
"url": "https://www.suse.com/security/cve/CVE-2018-6117"
},
{
"category": "external",
"summary": "SUSE Bug 1090000 for CVE-2018-6117",
"url": "https://bugzilla.suse.com/1090000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6117"
},
{
"cve": "CVE-2018-6118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6118"
}
],
"notes": [
{
"category": "general",
"text": "A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6118",
"url": "https://www.suse.com/security/cve/CVE-2018-6118"
},
{
"category": "external",
"summary": "SUSE Bug 1091288 for CVE-2018-6118",
"url": "https://bugzilla.suse.com/1091288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "important"
}
],
"title": "CVE-2018-6118"
},
{
"cve": "CVE-2018-6120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6120"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6120",
"url": "https://www.suse.com/security/cve/CVE-2018-6120"
},
{
"category": "external",
"summary": "SUSE Bug 1092923 for CVE-2018-6120",
"url": "https://bugzilla.suse.com/1092923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6120"
},
{
"cve": "CVE-2018-6121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6121"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6121",
"url": "https://www.suse.com/security/cve/CVE-2018-6121"
},
{
"category": "external",
"summary": "SUSE Bug 1092923 for CVE-2018-6121",
"url": "https://bugzilla.suse.com/1092923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6121"
},
{
"cve": "CVE-2018-6122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6122"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6122",
"url": "https://www.suse.com/security/cve/CVE-2018-6122"
},
{
"category": "external",
"summary": "SUSE Bug 1092923 for CVE-2018-6122",
"url": "https://bugzilla.suse.com/1092923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromedriver-66.0.3359.181-55.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.aarch64",
"SUSE Package Hub 12 SP2:chromium-66.0.3359.181-55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-27T11:26:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-6122"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…