Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201704-5
HistoryApr 20, 2017 - 12:00 a.m.

[ASA-201704-5] chromium: multiple issues

2017-04-2000:00:00
security.archlinux.org
11

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.168 Low

EPSS

Percentile

96.0%

JSON

Arch Linux Security Advisory ASA-201704-5

Severity: Critical
Date : 2017-04-20
CVE-ID : CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060
CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064
CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-250

Summary

The package chromium before version 58.0.3029.81-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
incorrect calculation and same-origin policy bypass.

Resolution

Upgrade to 58.0.3029.81-1.

pacman -Syu “chromium>=58.0.3029.81-1”

The problems have been fixed upstream in version 58.0.3029.81.

Workaround

None.

Description

  • CVE-2017-5057 (arbitrary code execution)

A type confusion issue has been found in the PDFium component of the
Chromium browser.

  • CVE-2017-5058 (arbitrary code execution)

A heap use after free issue has been found in the Print Preview
component of the Chromium browser.

  • CVE-2017-5059 (arbitrary code execution)

A type confusion issue has been found in the Blink component of the
Chromium browser.

  • CVE-2017-5060 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

  • CVE-2017-5061 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

  • CVE-2017-5062 (arbitrary code execution)

A use after free issue has been found in the Chrome Apps component of
the Chromium browser.

  • CVE-2017-5063 (arbitrary code execution)

A heap overflow issue has been found in the Skia component of the
Chromium browser.

  • CVE-2017-5064 (arbitrary code execution)

A use after free flaw has been found in the Blink component of the
Chromium browser.

  • CVE-2017-5065 (content spoofing)

An incorrect UI issue has been found in the Blink component of the
Chromium browser.

  • CVE-2017-5066 (incorrect calculation)

An incorrect signature handing issue has been found in the Networking
component of the Chromium browser.

  • CVE-2017-5067 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

  • CVE-2017-5069 (same-origin policy bypass)

A cross-origin bypass issue has been found in the Blink component of
the Chromium browser.

Impact

A remote attacker can spoof URL, bypass security checks and execute
arbitrary code on the affected host.

References

https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
https://crbug.com/695826
https://crbug.com/694382
https://crbug.com/684684
https://crbug.com/683314
https://crbug.com/672847
https://crbug.com/702896
https://crbug.com/700836
https://crbug.com/693974
https://crbug.com/704560
https://crbug.com/690821
https://crbug.com/648117
https://crbug.com/691726
https://security.archlinux.org/CVE-2017-5057
https://security.archlinux.org/CVE-2017-5058
https://security.archlinux.org/CVE-2017-5059
https://security.archlinux.org/CVE-2017-5060
https://security.archlinux.org/CVE-2017-5061
https://security.archlinux.org/CVE-2017-5062
https://security.archlinux.org/CVE-2017-5063
https://security.archlinux.org/CVE-2017-5064
https://security.archlinux.org/CVE-2017-5065
https://security.archlinux.org/CVE-2017-5066
https://security.archlinux.org/CVE-2017-5067
https://security.archlinux.org/CVE-2017-5069

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 58.0.3029.81-1UNKNOWN

Related

suse 2
nessus 13
redhat 1
openvas 10
freebsd 1
gentoo 1
chrome 1
fedora 9
kaspersky 1
debiancve 12
prion 12
redhatcve 12
cve 12
ubuntucve 12
zdi 1
seebug 1
mageia 1
suse
suse
Security update for chromium (important)
2017-04-25 00:09:06
Security update for chromium (important)
2017-04-25 00:08:31
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (95a74a48-2691-11e7-9e2d-e8e0b747a45a)
2017-04-24 00:00:00
Google Chrome < 58.0.3029.81 Multiple Vulnerabilities
2017-04-25 00:00:00
RHEL 6 : chromium-browser (RHSA-2017:1124)
2017-04-26 00:00:00
redhat
redhat
(RHSA-2017:1124) Important: chromium-browser security update
2017-04-25 07:53:23
openvas
openvas
Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-Linux
2017-04-20 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2017:1098-1)
2017-04-25 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop-2017-04)-MAC OS X
2017-04-20 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2017-04-19 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2017-05-07 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2017-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: chromium-58.0.3029.110-2.fc26
2017-06-09 19:46:26
[SECURITY] Fedora 26 Update: chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26
2017-06-09 19:46:27
[SECURITY] Fedora 25 Update: chromium-58.0.3029.110-2.fc25
2017-05-23 00:42:50
kaspersky
kaspersky
KLA11000 Multiple vulnerabilities in Google Chrome
2017-04-19 00:00:00
debiancve
debiancve
CVE-2017-5067
2017-10-27 05:29:00
CVE-2017-5066
2017-10-27 05:29:00
CVE-2017-5061
2017-10-27 05:29:00
prion
prion
Design/Logic Flaw
2017-10-27 05:29:00
Design/Logic Flaw
2017-10-27 05:29:00
Design/Logic Flaw
2017-10-27 05:29:00
redhatcve
redhatcve
CVE-2017-5061
2017-04-20 06:48:49
CVE-2017-5059
2017-04-20 06:49:39
CVE-2017-5065
2017-04-20 06:49:10
cve
cve
CVE-2017-5066
2017-10-27 05:29:00
CVE-2017-5058
2017-10-27 05:29:00
CVE-2017-5061
2017-10-27 05:29:00
ubuntucve
ubuntucve
CVE-2017-5061
2017-10-27 00:00:00
CVE-2017-5058
2017-10-27 00:00:00
CVE-2017-5065
2017-10-27 00:00:00
zdi
zdi
Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability
2017-05-02 00:00:00
seebug
seebug
Chrome Type confusion in PDFium (CVE-2017-5057)
2017-04-21 00:00:00
mageia
mageia
Chromium-browser 60.0.3112.101 fixes security issues
2017-08-29 01:48:03

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.168 Low

EPSS

Percentile

96.0%

JSON
Related for ASA-201704-5
suse2nessus13redhat1openvas10freebsd1gentoo1chrome1fedora9kaspersky1debiancve12prion12redhatcve12cve12ubuntucve12zdi1seebug1mageia1