Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 658040 (CVE-2018-6149) - <www-client/{chromium,google-chrome}-67.0.3396.87: Out of bounds write in V8
Summary: <www-client/{chromium,google-chrome}-67.0.3396.87: Out of bounds write in V8
Status: RESOLVED FIXED
Alias: CVE-2018-6149
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-13 13:27 UTC by Florian Schuhmacher
Modified: 2018-06-20 00:24 UTC (History)
1 user (show)

See Also:
Package list:
www-client/chromium-67.0.3396.87
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Schuhmacher 2018-06-13 13:27:48 UTC 
An out of bounds write flaw was found in the V8 component of the Chromium browser.

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

See URL for release notes.


Gentoo Security Scout
Florian Schuhmacher
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-06-13 14:32:26 UTC 
@Maintainers please after the bump call for stabilization when ready.

Thank you,
Comment 2 Agostino Sarubbo gentoo-dev 2018-06-18 15:27:57 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-06-18 15:53:20 UTC 
GLSA Request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-06-20 00:24:07 UTC 
This issue was resolved and addressed in
 GLSA 201806-06 at https://security.gentoo.org/glsa/201806-06
by GLSA coordinator Aaron Bauman (b-man).