CVSS3 : 8.8 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
CVSS2 : 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
EPSS : 0.028 Low
Percentile : 90.6%
Severity: Critical
Date : 2017-01-27
CVE-ID : CVE-2017-5006 CVE-2017-5007 CVE-2017-5008 CVE-2017-5009
CVE-2017-5010 CVE-2017-5011 CVE-2017-5012 CVE-2017-5013
CVE-2017-5014 CVE-2017-5015 CVE-2017-5016 CVE-2017-5017
CVE-2017-5018 CVE-2017-5019 CVE-2017-5020 CVE-2017-5021
CVE-2017-5022 CVE-2017-5023 CVE-2017-5024 CVE-2017-5025
CVE-2017-5026
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-156
The package chromium before version 56.0.2924.76-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary
filesystem access, cross-site scripting, content spoofing, information
disclosure, access restriction bypass and denial of service.
Upgrade to 56.0.2924.76-1.
The problems have been fixed upstream in version 56.0.2924.76.
None.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
An out-of-bounds memory access flaw was found in the WebRTC component
of the Chromium browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
An unauthorised file access flaw was found in the Devtools component of
the Chromium browser.
A heap overflow flaw was found in the V8 component of the Chromium
browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
A heap overflow flaw was found in the Skia component of the Chromium
browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
A UI spoofing flaw was found in the Blink component of the Chromium
browser.
An uninitialised memory access flaw was found in the webm video
component of the Chromium browser.
A universal XSS flaw was found in the chrome://apps component of the
Chromium browser.
A use-after-free flaw was found in the Renderer component of the
Chromium browser.
A universal XSS flaw was found in the chrome://downloads component of
the Chromium browser.
A use-after-free flaw was found in the Extensions component of the
Chromium browser.
A content security policy bypass flaw was found in the Blink
component of the Chromium browser.
A type confusion flaw was found in the metrics component of the
Chromium browser.
A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.
A heap overflow flaw was found in the FFmpeg component of the Chromium
browser.
A UI spoofing flaw was found in the Chromium browser.
A remote attacker can access sensitive information and arbitrary files,
bypass security restrictions, spoof content and execute arbitrary code
on the affected host.
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
https://bugzilla.redhat.com/show_bug.cgi?id=1416658
https://code.google.com/p/chromium/issues/detail?id=673170
https://code.google.com/p/chromium/issues/detail?id=671102
https://bugzilla.redhat.com/show_bug.cgi?id=1416657
https://bugzilla.redhat.com/show_bug.cgi?id=1416659
https://code.google.com/p/chromium/issues/detail?id=668552
https://bugzilla.redhat.com/show_bug.cgi?id=1416662
https://code.google.com/p/chromium/issues/detail?id=667504
https://bugzilla.redhat.com/show_bug.cgi?id=1416660
https://code.google.com/p/chromium/issues/detail?id=663476
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5011
https://code.google.com/p/chromium/issues/detail?id=662859
https://bugzilla.redhat.com/show_bug.cgi?id=1416663
https://code.google.com/p/chromium/issues/detail?id=681843
https://code.google.com/p/chromium/issues/detail?id=677716
https://bugzilla.redhat.com/show_bug.cgi?id=1416664
https://bugzilla.redhat.com/show_bug.cgi?id=1416665
https://code.google.com/p/chromium/issues/detail?id=675332
https://bugzilla.redhat.com/show_bug.cgi?id=1416666
https://code.google.com/p/chromium/issues/detail?id=673971
https://bugzilla.redhat.com/show_bug.cgi?id=1416668
https://code.google.com/p/chromium/issues/detail?id=673163
https://bugzilla.redhat.com/show_bug.cgi?id=1416669
https://code.google.com/p/chromium/issues/detail?id=676975
https://bugzilla.redhat.com/show_bug.cgi?id=1416670
https://code.google.com/p/chromium/issues/detail?id=668665
https://bugzilla.redhat.com/show_bug.cgi?id=1416667
https://code.google.com/p/chromium/issues/detail?id=666714
https://bugzilla.redhat.com/show_bug.cgi?id=1416671
https://code.google.com/p/chromium/issues/detail?id=668653
https://bugzilla.redhat.com/show_bug.cgi?id=1416672
https://code.google.com/p/chromium/issues/detail?id=663726
https://bugzilla.redhat.com/show_bug.cgi?id=1416673
https://code.google.com/p/chromium/issues/detail?id=663620
https://bugzilla.redhat.com/show_bug.cgi?id=1416674
https://code.google.com/p/chromium/issues/detail?id=651443
https://bugzilla.redhat.com/show_bug.cgi?id=1416675
https://code.google.com/p/chromium/issues/detail?id=643951
https://code.google.com/p/chromium/issues/detail?id=643950
https://bugzilla.redhat.com/show_bug.cgi?id=1416676
https://code.google.com/p/chromium/issues/detail?id=634108
https://bugzilla.redhat.com/show_bug.cgi?id=1416677
https://security.archlinux.org/CVE-2017-5006
https://security.archlinux.org/CVE-2017-5007
https://security.archlinux.org/CVE-2017-5008
https://security.archlinux.org/CVE-2017-5009
https://security.archlinux.org/CVE-2017-5010
https://security.archlinux.org/CVE-2017-5011
https://security.archlinux.org/CVE-2017-5012
https://security.archlinux.org/CVE-2017-5013
https://security.archlinux.org/CVE-2017-5014
https://security.archlinux.org/CVE-2017-5015
https://security.archlinux.org/CVE-2017-5016
https://security.archlinux.org/CVE-2017-5017
https://security.archlinux.org/CVE-2017-5018
https://security.archlinux.org/CVE-2017-5019
https://security.archlinux.org/CVE-2017-5020
https://security.archlinux.org/CVE-2017-5021
https://security.archlinux.org/CVE-2017-5022
https://security.archlinux.org/CVE-2017-5023
https://security.archlinux.org/CVE-2017-5024
https://security.archlinux.org/CVE-2017-5025
https://security.archlinux.org/CVE-2017-5026