ID

VAR-201804-1177

CVE

CVE-2018-4117

TITLE

plural Apple Used in products WebKit Component fetch API Vulnerabilities that bypass the same origin policy

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0003 ------------------------------------------------------------------------ Date reported : April 04, 2018 Advisory ID : WSA-2018-0003 Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. Several vulnerabilities were discovered in WebKitGTK+. Credit to Yuan Deng of Ant-financial Light-Year Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to OSS-Fuzz. Impact: Unexpected interaction with indexing types causing an ASSERT failure. Description: An array indexing issue existed in the handling of a function in JavaScriptCore. This issue was addressed through improved checks. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: A malicious website may exfiltrate data cross-origin. This was addressed through improved input validation. Credit to Jun Kokatsu (@shhnjk). Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher working with Trend Microys Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Zach Markley. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Security Lab working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of Wallarm, Linus Sarud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation. Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack. Description: A cross-site scripting issue existed in WebKit. This issue was addressed with improved URL validation. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to a denial of service. Description: A memory corruption issue was addressed through improved input validation. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to WanderingGlitch of Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Hanming Zhang (@4shitak4) of Qihoo 360 Vulcan Team. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, April 04, 2018 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4256-1 security@debian.org https://www.debian.org/security/ Michael Gilbert July 26, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-6044 Rob Wu discovered a way to escalate privileges using extensions. CVE-2018-6150 Rob Wu discovered an information disclosure issue (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6151 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6152 Rob Wu discovered an issue in the developer tools (this problem was fixed in a previous release but was mistakenly omitted from upstream's announcement at the time). CVE-2018-6153 Zhen Zhou discovered a buffer overflow issue in the skia library. CVE-2018-6158 Zhe Jin discovered a use-after-free issue. CVE-2018-6159 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6161 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6164 Jun Kokatsu discovered a way to bypass the same origin policy. CVE-2018-6168 Gunes Acar and Danny Y. Huang discovered a way to bypass the Cross Origin Resource Sharing policy. CVE-2018-6169 Sam P discovered a way to bypass permissions when installing extensions. CVE-2018-6174 Mark Brand discovered an integer overflow issue in the swiftshader library. CVE-2018-6176 Jann Horn discovered a way to escalate privileges using extensions. CVE-2018-6177 Ron Masas discovered an information leak. CVE-2018-6178 Khalil Zhani discovered a user interface spoofing issue. CVE-2018-6179 It was discovered that information about files local to the system could be leaked to extensions. This version also fixes a regression introduced in the previous security update that could prevent decoding of particular audio/video codecs. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAltaqvAACgkQuNayzQLW 9HN1Tx//TF/lR0JT7+g9ZV4C8b9QUjd8RziW1x3Dr1c6FdO01qRzRTmuolgGkd16 irPIel0bnvM7Q707UaX3YlfP9teWThneAXl69wPxg4l/cD6KQy6TYyxY3VzvUiYO 7q1cEixQDqnB2w7sdT2vpg0xc9a8NR5Bgraf+GPUm72R7HHlRHL9G0hVYozjERz/ s09oGrou9neITKMEu7KBPONpWXR8UTJuaCDRW39TeafRVJHDhXUg4wZQihStBMN3 vSNOIhS4TbpFCZqpJRijGh2W2wIz72zq9Fk+FgwDF9cm2Z6aeh/HwGUNFo9IGfc1 e6FnCDTVp3SxJmYdKZSmnqM87+uKBx135G7Y3nVFXZbsUlGuifa4YGNQkkSgr0Be K2B2dkPDwrFJpJuO2E43q66su2/bAoD/pUC/51Rb+WQBMBfmjZ3vQN9cUybH6Ove VLRRkv9ADFpHgZ2JcRdKcVFMQRoBZ9gPr7oWeC/f4CjYSJl0ZCrq+0zCO0LUl0/H QE2Wf0kDDJggsftQfwLwi2LokXNB7VtO3y57RsGB5Mrx/vfy8lB/7p5WAW9c0OJq C/XUmowWn7PP0s5RyWU0m0w5ioIgDVy+OH5pNsO68L1RZUwaFwRvmaiEbipBr00a CO7XCQkokcaHm4iXx2aPIwj9ndbtYOu7ve/6BxZhbCgzeVlJiUCcLARHNpagyBOv WQ43ymkLPYc/RurSQbrn/JVEoCXRpOvTUrPPt7S2shBJfsU9kN5k34s8oN7ytFll cU6DwGY7n4EDd3sbB3oRwSdu8WGEKK6hDqTo9dPEy8x6owiyUqLFs1+aBjUeoQxQ 80PM0g2Qqdqk/aYgJU243UH3Wx63cCubowDkRnXxGlIxbTl1Wfi5GlmXIrKXQBl9 os4xcpEXTYkghQHzAwi6++cbVLTS4/MNV2S9SfriTEr39jPt0hscFhldg9cnJcGC nHBt6QDrr/GzObSxhxOl82viimrmt6N8AZpfu6xGtf+XIwk/Kz8wI15MJN5TOnR7 l+2U0I3vzW4BBTR9qfFpaXr4WCelsVstJMmdMspTQLeea83rCdX2IzH7mIgg3pRl 6tWqesRJGUa/JgsTMMz26o9GM+hlpSsm1qsFuGLI3pOC+nBZYaFlQAORx+kgOdvf hnXPVcYLQBNkFForr92CikMziCYlxPUiUSNDRNRAJ7ksDxsknkuaLx1tV/WY6tvv ELlY4nH9DD7fqhtecCCvsor9A3F+pswb661m0uYyTlmOx4b2SJizybgud+SZ09O1 v5XJQX795NDf0Mvsn0hM/judmojCRfw8M6tkhUfIP6YIlKYJ7TWhRBBNudyMSbjZ 3/DBJTGBplvJm/5iIODSqHWu1ZQS7A== =tUJt -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-3-29-6 Safari 11.1 Safari 11.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4102: Kai Zhao of 3H security team CVE-2018-4116: @littlelailo, xisigr of Tencent's Xuanwu Lab (tencent.com) Safari Login AutoFill Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to exfiltrate autofilled data in Safari without explicit user interaction. Description: Safari autofill did not require explicit user interaction before taking place. CVE-2018-4133: Anton Lopanitsyn of Wallarm, Linus SA$?rud of Detectify (detectify.com), Yuji Tounai of NTT Communications Corporation WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4146: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may exfiltrate data cross-origin Description: A cross-origin issue existed with the fetch API. CVE-2018-4117: an anonymous researcher, an anonymous researcher Additional recognition WebKit We would like to acknowledge Johnny Nipper of Tinder Security Team for their assistance. Installation note: Safari 11.1 may be obtained from the Mac App Store. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium, Google Chrome: Multiple vulnerabilities Date: August 22, 2018 Bugs: #657376, #662436 ID: 201808-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to escalate privileges. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 68.0.3440.75 >= 68.0.3440.75 2 www-client/google-chrome < 68.0.3440.75 >= 68.0.3440.75 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-68.0.3440.75" All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/google-chrome-68.0.3440.75" References ========== [ 1 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 2 ] CVE-2018-6044 https://nvd.nist.gov/vuln/detail/CVE-2018-6044 [ 3 ] CVE-2018-6150 https://nvd.nist.gov/vuln/detail/CVE-2018-6150 [ 4 ] CVE-2018-6151 https://nvd.nist.gov/vuln/detail/CVE-2018-6151 [ 5 ] CVE-2018-6152 https://nvd.nist.gov/vuln/detail/CVE-2018-6152 [ 6 ] CVE-2018-6153 https://nvd.nist.gov/vuln/detail/CVE-2018-6153 [ 7 ] CVE-2018-6154 https://nvd.nist.gov/vuln/detail/CVE-2018-6154 [ 8 ] CVE-2018-6155 https://nvd.nist.gov/vuln/detail/CVE-2018-6155 [ 9 ] CVE-2018-6156 https://nvd.nist.gov/vuln/detail/CVE-2018-6156 [ 10 ] CVE-2018-6157 https://nvd.nist.gov/vuln/detail/CVE-2018-6157 [ 11 ] CVE-2018-6158 https://nvd.nist.gov/vuln/detail/CVE-2018-6158 [ 12 ] CVE-2018-6159 https://nvd.nist.gov/vuln/detail/CVE-2018-6159 [ 13 ] CVE-2018-6160 https://nvd.nist.gov/vuln/detail/CVE-2018-6160 [ 14 ] CVE-2018-6161 https://nvd.nist.gov/vuln/detail/CVE-2018-6161 [ 15 ] CVE-2018-6162 https://nvd.nist.gov/vuln/detail/CVE-2018-6162 [ 16 ] CVE-2018-6163 https://nvd.nist.gov/vuln/detail/CVE-2018-6163 [ 17 ] CVE-2018-6164 https://nvd.nist.gov/vuln/detail/CVE-2018-6164 [ 18 ] CVE-2018-6165 https://nvd.nist.gov/vuln/detail/CVE-2018-6165 [ 19 ] CVE-2018-6166 https://nvd.nist.gov/vuln/detail/CVE-2018-6166 [ 20 ] CVE-2018-6167 https://nvd.nist.gov/vuln/detail/CVE-2018-6167 [ 21 ] CVE-2018-6168 https://nvd.nist.gov/vuln/detail/CVE-2018-6168 [ 22 ] CVE-2018-6169 https://nvd.nist.gov/vuln/detail/CVE-2018-6169 [ 23 ] CVE-2018-6170 https://nvd.nist.gov/vuln/detail/CVE-2018-6170 [ 24 ] CVE-2018-6171 https://nvd.nist.gov/vuln/detail/CVE-2018-6171 [ 25 ] CVE-2018-6172 https://nvd.nist.gov/vuln/detail/CVE-2018-6172 [ 26 ] CVE-2018-6173 https://nvd.nist.gov/vuln/detail/CVE-2018-6173 [ 27 ] CVE-2018-6174 https://nvd.nist.gov/vuln/detail/CVE-2018-6174 [ 28 ] CVE-2018-6175 https://nvd.nist.gov/vuln/detail/CVE-2018-6175 [ 29 ] CVE-2018-6176 https://nvd.nist.gov/vuln/detail/CVE-2018-6176 [ 30 ] CVE-2018-6177 https://nvd.nist.gov/vuln/detail/CVE-2018-6177 [ 31 ] CVE-2018-6178 https://nvd.nist.gov/vuln/detail/CVE-2018-6178 [ 32 ] CVE-2018-6179 https://nvd.nist.gov/vuln/detail/CVE-2018-6179 [ 33 ] CVE-2108-6150 https://nvd.nist.gov/vuln/detail/CVE-2108-6150 [ 34 ] Google Chrome 68.0.3440.75 release announcement https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

information disclosure

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2026-03-29T22:54:45.259000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE