Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201711-12
HistoryNov 07, 2017 - 12:00 a.m.

[ASA-201711-12] chromium: arbitrary code execution

2017-11-0700:00:00
security.archlinux.org
22

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.2%

JSON

Arch Linux Security Advisory ASA-201711-12

Severity: Critical
Date : 2017-11-07
CVE-ID : CVE-2017-15398 CVE-2017-15399
Package : chromium
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-482

Summary

The package chromium before version 62.0.3202.89-1 is vulnerable to
arbitrary code execution.

Resolution

Upgrade to 62.0.3202.89-1.

pacman -Syu “chromium>=62.0.3202.89-1”

The problems have been fixed upstream in version 62.0.3202.89.

Workaround

None.

Description

  • CVE-2017-15398 (arbitrary code execution)

A stack-based buffer overflow has been found in the QUIC component of
the Chromium browser before 62.0.3202.89.

  • CVE-2017-15399 (arbitrary code execution)

A use-after-free has been found in the V8 component of the Chromium
browser before 62.0.3202.89.

Impact

A remote attacker can execute arbitrary code on the affected host.

References

https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=777728
https://bugs.chromium.org/p/chromium/issues/detail?id=776677
https://security.archlinux.org/CVE-2017-15398
https://security.archlinux.org/CVE-2017-15399

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanychromium< 62.0.3202.89-1UNKNOWN

Related

nessus 13
osv 1
chrome 1
debian 2
openvas 10
kaspersky 1
freebsd 1
suse 2
redhat 1
gentoo 1
cve 2
ubuntucve 2
prion 2
redhatcve 2
debiancve 2
fedora 2
mageia 1
nessus
nessus
RHEL 6 : chromium-browser (RHSA-2017:3151)
2017-11-08 00:00:00
openSUSE Security Update : chromium (openSUSE-2017-1252)
2017-11-09 00:00:00
Google Chrome < 62.0.3202.89 Multiple Vulnerabilities
2018-08-23 00:00:00
osv
osv
chromium-browser - security update
2017-11-08 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2017-11-06 00:00:00
debian
debian
[SECURITY] [DSA 4024-1] chromium-browser security update
2017-11-08 12:20:45
[SECURITY] [DSA 4024-1] chromium-browser security update
2017-11-08 12:20:45
openvas
openvas
Debian Security Advisory DSA 4024-1 (chromium-browser - security update)
2017-11-08 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop-2017-11)-Windows
2017-11-07 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2017:2953-1)
2017-11-09 00:00:00
kaspersky
kaspersky
KLA11132 Multiple vulnerabilities in Google Chrome
2017-11-07 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2017-11-06 00:00:00
suse
suse
Security update for chromium (important)
2017-11-08 15:07:55
Security update for chromium (important)
2017-12-08 12:15:59
redhat
redhat
(RHSA-2017:3151) Critical: chromium-browser security update
2017-11-07 20:49:03
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2017-11-10 00:00:00
cve
cve
CVE-2017-15399
2018-08-28 20:29:00
CVE-2017-15398
2018-08-28 20:29:00
ubuntucve
ubuntucve
CVE-2017-15398
2018-08-28 00:00:00
CVE-2017-15399
2018-08-28 00:00:00
prion
prion
Design/Logic Flaw
2018-08-28 20:29:00
Stack overflow
2018-08-28 20:29:00
redhatcve
redhatcve
CVE-2017-15398
2017-11-07 12:19:31
CVE-2017-15399
2017-11-07 12:20:22
debiancve
debiancve
CVE-2017-15398
2018-08-28 20:29:00
CVE-2017-15399
2018-08-28 20:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: chromium-62.0.3202.89-1.fc27
2017-11-15 18:00:09
[SECURITY] Fedora 26 Update: chromium-63.0.3239.108-1.fc26
2018-01-01 22:22:45
mageia
mageia
Updated chromium-browser-stable packages fix security issues
2017-11-27 00:18:31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.116 Low

EPSS

Percentile

95.2%

JSON
Related for ASA-201711-12
nessus13osv1chrome1debian2openvas10kaspersky1freebsd1suse2redhat1gentoo1cve2ubuntucve2prion2redhatcve2debiancve2fedora2mageia1