UBUNTU-CVE-2018-4117
- Source
- https://ubuntu.com/security/CVE-2018-4117
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-4117.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-4117
- Related
- Published
- 2018-04-03T00:00:00Z
- Modified
- 2025-06-03T17:32:13Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
- References
-
- https://ubuntu.com/security/CVE-2018-4117
- https://support.apple.com/HT208693
- https://support.apple.com/HT208694
- https://support.apple.com/HT208695
- https://support.apple.com/HT208696
- https://support.apple.com/HT208697
- https://webkitgtk.org/security/WSA-2018-0003.html
- https://ubuntu.com/security/notices/USN-3635-1
- https://www.cve.org/CVERecord?id=CVE-2018-4117
Affected packages
Ubuntu:16.04:LTS / chromium-browser
Package
- Name
- chromium-browser
- Purl
- pkg:deb/ubuntu/chromium-browser@68.0.3440.75-0ubuntu0.16.04.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed68.0.3440.75-0ubuntu0.16.04.1
Affected versions
45.*
45.0.2454.101-0ubuntu1.1201
47.*
47.0.2526.73-0ubuntu1.1218
47.0.2526.106-0ubuntu1.1221
48.*
48.0.2564.82-0ubuntu1.1222
48.0.2564.116-0ubuntu1.1229
49.*
49.0.2623.87-0ubuntu1.1232
49.0.2623.108-0ubuntu1.1233
50.*
50.0.2661.102-0ubuntu0.16.04.1.1237
51.*
51.0.2704.79-0ubuntu0.16.04.1.1242
52.*
52.0.2743.116-0ubuntu0.16.04.1.1250
53.*
53.0.2785.143-0ubuntu0.16.04.1.1254
53.0.2785.143-0ubuntu0.16.04.1.1257
55.*
55.0.2883.87-0ubuntu0.16.04.1263
56.*
56.0.2924.76-0ubuntu0.16.04.1268
57.*
57.0.2987.98-0ubuntu0.16.04.1276
58.*
58.0.3029.81-0ubuntu0.16.04.1277
58.0.3029.96-0ubuntu0.16.04.1279
58.0.3029.110-0ubuntu0.16.04.1281
59.*
59.0.3071.109-0ubuntu0.16.04.1289
59.0.3071.109-0ubuntu0.16.04.1291
60.*
60.0.3112.78-0ubuntu0.16.04.1293
60.0.3112.113-0ubuntu0.16.04.1298
61.*
61.0.3163.79-0ubuntu0.16.04.1300
61.0.3163.100-0ubuntu0.16.04.1306
62.*
62.0.3202.62-0ubuntu0.16.04.1308
62.0.3202.75-0ubuntu0.16.04.1313
62.0.3202.89-0ubuntu0.16.04.1315
62.0.3202.94-0ubuntu0.16.04.1317
63.*
63.0.3239.84-0ubuntu0.16.04.1
63.0.3239.132-0ubuntu0.16.04.1
64.*
64.0.3282.119-0ubuntu0.16.04.1
64.0.3282.140-0ubuntu0.16.04.1
64.0.3282.167-0ubuntu0.16.04.1
65.*
65.0.3325.181-0ubuntu0.16.04.1
66.*
66.0.3359.139-0ubuntu0.16.04.3
66.0.3359.181-0ubuntu0.16.04.1
67.*
67.0.3396.99-0ubuntu0.16.04.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-browser-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-chromedriver-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.16.04.1"
}
],
"ubuntu_priority": "medium",
"availability": "No subscription required"
}
Ubuntu:16.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.20.1-0ubuntu0.16.04.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.20.1-0ubuntu0.16.04.1
Affected versions
2.*
2.8.5+dfsg1-3
2.10.3+dfsg1-1
2.10.4+dfsg1-1
2.10.5-1
2.10.6-1
2.10.6-1ubuntu1
2.10.8-1ubuntu1
2.10.9-1ubuntu1
2.12.5-0ubuntu0.16.04.1
2.14.2-0ubuntu0.16.04.1
2.14.3-0ubuntu0.16.04.1
2.14.5-0ubuntu0.16.04.1
2.16.1-0ubuntu0.16.04.1
2.16.1-0ubuntu0.16.04.2
2.16.2-0ubuntu0.16.04.1
2.16.3-0ubuntu0.16.04.1
2.16.6-0ubuntu0.16.04.1
2.18.0-0ubuntu0.16.04.2
2.18.3-0ubuntu0.16.04.1
2.18.4-0ubuntu0.16.04.1
2.18.5-0ubuntu0.16.04.1
2.18.6-0ubuntu0.16.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-javascriptcoregtk-4.0",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "gir1.2-webkit2-4.0",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libjavascriptcoregtk-4.0-18",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libjavascriptcoregtk-4.0-18-dbgsym",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libjavascriptcoregtk-4.0-bin",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libjavascriptcoregtk-4.0-bin-dbgsym",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libjavascriptcoregtk-4.0-dev",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-37",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-37-dbgsym",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-37-gtk2",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-37-gtk2-dbgsym",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-dev",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
},
{
"binary_name": "libwebkit2gtk-4.0-doc",
"binary_version": "2.20.1-0ubuntu0.16.04.1"
}
],
"ubuntu_priority": "medium",
"availability": "No subscription required"
}
Ubuntu:Pro:16.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.5.1+dfsg-2ubuntu1?arch=source&distro=esm-infra/xenial
Ubuntu:Pro:16.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu11?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:16.04:LTS / webkitgtk
Package
- Name
- webkitgtk
- Purl
- pkg:deb/ubuntu/webkitgtk@2.4.11-0ubuntu0.1?arch=source&distro=esm-apps/xenial
Ubuntu:18.04:LTS / chromium-browser
Package
- Name
- chromium-browser
- Purl
- pkg:deb/ubuntu/chromium-browser@68.0.3440.75-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed68.0.3440.75-0ubuntu0.18.04.1
Affected versions
61.*
61.0.3163.100-0ubuntu1.1378
62.*
62.0.3202.62-0ubuntu0.17.10.1380
62.0.3202.89-0ubuntu1.1386
62.0.3202.94-0ubuntu1.1388
63.*
63.0.3239.84-0ubuntu1
63.0.3239.108-0ubuntu1
64.*
64.0.3282.119-0ubuntu1
64.0.3282.140-0ubuntu1
64.0.3282.167-0ubuntu1
65.*
65.0.3325.146-0ubuntu1
65.0.3325.181-0ubuntu1
66.*
66.0.3359.139-0ubuntu0.18.04.3
66.0.3359.181-0ubuntu0.18.04.1
67.*
67.0.3396.99-0ubuntu0.18.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-browser-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-chromedriver-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra-dbgsym",
"binary_version": "68.0.3440.75-0ubuntu0.18.04.1"
}
],
"ubuntu_priority": "medium",
"availability": "No subscription required"
}
Ubuntu:18.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.20.0-2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.20.0-2
Affected versions
2.*
2.18.0-2
2.18.0-2build1
2.18.2-1
2.18.3-1
2.18.4-1
2.18.6-1
2.19.91-1ubuntu1
2.19.92-1
2.20.0-1
Ecosystem specific
{
"binaries": [
{
"binary_name": "gir1.2-javascriptcoregtk-4.0",
"binary_version": "2.20.0-2"
},
{
"binary_name": "gir1.2-webkit2-4.0",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libjavascriptcoregtk-4.0-18",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libjavascriptcoregtk-4.0-18-dbgsym",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libjavascriptcoregtk-4.0-bin",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libjavascriptcoregtk-4.0-bin-dbgsym",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libjavascriptcoregtk-4.0-dev",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-37",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-37-dbgsym",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-37-gtk2",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-37-gtk2-dbgsym",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-dev",
"binary_version": "2.20.0-2"
},
{
"binary_name": "libwebkit2gtk-4.0-doc",
"binary_version": "2.20.0-2"
},
{
"binary_name": "webkit2gtk-driver",
"binary_version": "2.20.0-2"
},
{
"binary_name": "webkit2gtk-driver-dbgsym",
"binary_version": "2.20.0-2"
}
],
"ubuntu_priority": "medium",
"availability": "No subscription required"
}
Ubuntu:Pro:18.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha2-7ubuntu1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu13?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / webkitgtk
Package
- Name
- webkitgtk
- Purl
- pkg:deb/ubuntu/webkitgtk@2.4.11-3ubuntu3?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-1ubuntu2.1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-15ubuntu1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-36?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected