opensuse-su-2018:4143-1
Vulnerability from csaf_opensuse
Published
2018-12-15 09:27
Modified
2018-12-15 09:27
Summary
Security update for Chromium
Notes
Title of the patch
Security update for Chromium
Description of the patch
This update to Chromium 71.0.3578.98 fixes the following issues:
Security issues fixed (boo#1118529):
- CVE-2018-17480: Out of bounds write in V8
- CVE-2018-17481: Use after frees in PDFium
- CVE-2018-18335: Heap buffer overflow in Skia
- CVE-2018-18336: Use after free in PDFium
- CVE-2018-18337: Use after free in Blink
- CVE-2018-18338: Heap buffer overflow in Canvas
- CVE-2018-18339: Use after free in WebAudio
- CVE-2018-18340: Use after free in MediaRecorder
- CVE-2018-18341: Heap buffer overflow in Blink
- CVE-2018-18342: Out of bounds write in V8
- CVE-2018-18343: Use after free in Skia
- CVE-2018-18344: Inappropriate implementation in Extensions
- Multiple issues in SQLite via WebSQL
- CVE-2018-18345: Inappropriate implementation in Site Isolation
- CVE-2018-18346: Incorrect security UI in Blink
- CVE-2018-18347: Inappropriate implementation in Navigation
- CVE-2018-18348: Inappropriate implementation in Omnibox
- CVE-2018-18349: Insufficient policy enforcement in Blink
- CVE-2018-18350: Insufficient policy enforcement in Blink
- CVE-2018-18351: Insufficient policy enforcement in Navigation
- CVE-2018-18352: Inappropriate implementation in Media
- CVE-2018-18353: Inappropriate implementation in Network Authentication
- CVE-2018-18354: Insufficient data validation in Shell Integration
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
- CVE-2018-18356: Use after free in Skia
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
- CVE-2018-18358: Insufficient policy enforcement in Proxy
- CVE-2018-18359: Out of bounds read in V8
- Inappropriate implementation in PDFium
- Use after free in Extensions
- Inappropriate implementation in Navigation
- Insufficient policy enforcement in Navigation
- Insufficient policy enforcement in URL Formatter
- Various fixes from internal audits, fuzzing and other initiatives
- CVE-2018-17481: Use after free in PDFium (boo#1119364)
The following changes are included:
- advertisements posing as error messages are now blocked
- Automatic playing of content at page load mostly disabled
- New JavaScript API for relative time display
Patchnames
openSUSE-2018-1558
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Chromium 71.0.3578.98 fixes the following issues:\n\nSecurity issues fixed (boo#1118529):\n\n- CVE-2018-17480: Out of bounds write in V8\n- CVE-2018-17481: Use after frees in PDFium\n- CVE-2018-18335: Heap buffer overflow in Skia\n- CVE-2018-18336: Use after free in PDFium\n- CVE-2018-18337: Use after free in Blink\n- CVE-2018-18338: Heap buffer overflow in Canvas\n- CVE-2018-18339: Use after free in WebAudio\n- CVE-2018-18340: Use after free in MediaRecorder\n- CVE-2018-18341: Heap buffer overflow in Blink\n- CVE-2018-18342: Out of bounds write in V8\n- CVE-2018-18343: Use after free in Skia\n- CVE-2018-18344: Inappropriate implementation in Extensions\n- Multiple issues in SQLite via WebSQL\n- CVE-2018-18345: Inappropriate implementation in Site Isolation\n- CVE-2018-18346: Incorrect security UI in Blink\n- CVE-2018-18347: Inappropriate implementation in Navigation\n- CVE-2018-18348: Inappropriate implementation in Omnibox\n- CVE-2018-18349: Insufficient policy enforcement in Blink\n- CVE-2018-18350: Insufficient policy enforcement in Blink\n- CVE-2018-18351: Insufficient policy enforcement in Navigation\n- CVE-2018-18352: Inappropriate implementation in Media\n- CVE-2018-18353: Inappropriate implementation in Network Authentication\n- CVE-2018-18354: Insufficient data validation in Shell Integration\n- CVE-2018-18355: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18356: Use after free in Skia\n- CVE-2018-18357: Insufficient policy enforcement in URL Formatter\n- CVE-2018-18358: Insufficient policy enforcement in Proxy\n- CVE-2018-18359: Out of bounds read in V8\n- Inappropriate implementation in PDFium\n- Use after free in Extensions\n- Inappropriate implementation in Navigation\n- Insufficient policy enforcement in Navigation\n- Insufficient policy enforcement in URL Formatter\n- Various fixes from internal audits, fuzzing and other initiatives\n- CVE-2018-17481: Use after free in PDFium (boo#1119364)\n\nThe following changes are included:\n\n- advertisements posing as error messages are now blocked\n- Automatic playing of content at page load mostly disabled\n- New JavaScript API for relative time display\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_4143-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:4143-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46/#PWE5NUKJ4YIN5BIHKKSD55F2QU6JUG46"
},
{
"category": "self",
"summary": "SUSE Bug 1118529",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "self",
"summary": "SUSE Bug 1119364",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17480 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17481 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18336 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18337 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18338 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18339 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18340 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18341 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18342 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18343 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18344 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18345 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18346 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18347 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18348 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18359/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2018-12-15T09:27:33Z",
"generator": {
"date": "2018-12-15T09:27:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:4143-1",
"initial_release_date": "2018-12-15T09:27:33Z",
"revision_history": [
{
"date": "2018-12-15T09:27:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64",
"product_id": "chromedriver-71.0.3578.98-80.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product": {
"name": "chromium-71.0.3578.98-80.1.x86_64",
"product_id": "chromium-71.0.3578.98-80.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromedriver-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-71.0.3578.98-80.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
},
"product_reference": "chromium-71.0.3578.98-80.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17480"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17480",
"url": "https://www.suse.com/security/cve/CVE-2018-17480"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17480",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-17480"
},
{
"cve": "CVE-2018-17481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17481"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17481",
"url": "https://www.suse.com/security/cve/CVE-2018-17481"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1119364 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1119364"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-17481",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-17481"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18336"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18336",
"url": "https://www.suse.com/security/cve/CVE-2018-18336"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18336",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18336"
},
{
"cve": "CVE-2018-18337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18337"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18337",
"url": "https://www.suse.com/security/cve/CVE-2018-18337"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18337",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18337"
},
{
"cve": "CVE-2018-18338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18338"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18338",
"url": "https://www.suse.com/security/cve/CVE-2018-18338"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18338",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18338"
},
{
"cve": "CVE-2018-18339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18339"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18339",
"url": "https://www.suse.com/security/cve/CVE-2018-18339"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18339",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18339"
},
{
"cve": "CVE-2018-18340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18340"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18340",
"url": "https://www.suse.com/security/cve/CVE-2018-18340"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18340",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18340"
},
{
"cve": "CVE-2018-18341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18341"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18341",
"url": "https://www.suse.com/security/cve/CVE-2018-18341"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18341",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18341"
},
{
"cve": "CVE-2018-18342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18342"
}
],
"notes": [
{
"category": "general",
"text": "Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18342",
"url": "https://www.suse.com/security/cve/CVE-2018-18342"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18342",
"url": "https://bugzilla.suse.com/1118529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18342"
},
{
"cve": "CVE-2018-18343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18343"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18343",
"url": "https://www.suse.com/security/cve/CVE-2018-18343"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18343",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18343"
},
{
"cve": "CVE-2018-18344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18344"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18344",
"url": "https://www.suse.com/security/cve/CVE-2018-18344"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18344",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18344"
},
{
"cve": "CVE-2018-18345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18345"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18345",
"url": "https://www.suse.com/security/cve/CVE-2018-18345"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18345",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18345"
},
{
"cve": "CVE-2018-18346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18346"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18346",
"url": "https://www.suse.com/security/cve/CVE-2018-18346"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18346",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18346"
},
{
"cve": "CVE-2018-18347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18347"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18347",
"url": "https://www.suse.com/security/cve/CVE-2018-18347"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18347",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18347"
},
{
"cve": "CVE-2018-18348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18348"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18348",
"url": "https://www.suse.com/security/cve/CVE-2018-18348"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18348",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18348"
},
{
"cve": "CVE-2018-18349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18349"
}
],
"notes": [
{
"category": "general",
"text": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18349",
"url": "https://www.suse.com/security/cve/CVE-2018-18349"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18349",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18349"
},
{
"cve": "CVE-2018-18350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18350"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18350",
"url": "https://www.suse.com/security/cve/CVE-2018-18350"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18350",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18350"
},
{
"cve": "CVE-2018-18351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18351"
}
],
"notes": [
{
"category": "general",
"text": "Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18351",
"url": "https://www.suse.com/security/cve/CVE-2018-18351"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18351",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18351"
},
{
"cve": "CVE-2018-18352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18352"
}
],
"notes": [
{
"category": "general",
"text": "Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18352",
"url": "https://www.suse.com/security/cve/CVE-2018-18352"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18352",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18352"
},
{
"cve": "CVE-2018-18353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18353"
}
],
"notes": [
{
"category": "general",
"text": "Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18353",
"url": "https://www.suse.com/security/cve/CVE-2018-18353"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18353",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18353"
},
{
"cve": "CVE-2018-18354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18354"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18354",
"url": "https://www.suse.com/security/cve/CVE-2018-18354"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18354",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18354"
},
{
"cve": "CVE-2018-18355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18355"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18355",
"url": "https://www.suse.com/security/cve/CVE-2018-18355"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18355",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18355"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18357"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18357",
"url": "https://www.suse.com/security/cve/CVE-2018-18357"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18357",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18357"
},
{
"cve": "CVE-2018-18358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18358"
}
],
"notes": [
{
"category": "general",
"text": "Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18358",
"url": "https://www.suse.com/security/cve/CVE-2018-18358"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18358",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18358"
},
{
"cve": "CVE-2018-18359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18359"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18359",
"url": "https://www.suse.com/security/cve/CVE-2018-18359"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18359",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-71.0.3578.98-80.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-71.0.3578.98-80.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-15T09:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-18359"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…