[ASA-201712-5] chromium: multiple issues

2017-12-07 00:00:00
security.archlinux.org
CVSS3: 8.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.038 Low
  Percentile: 91.7%

Arch Linux Security Advisory ASA-201712-5

Severity: Critical
Date : 2017-12-07
CVE-ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415
CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419
CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-544

Summary

The package chromium before version 63.0.3239.84-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
information disclosure and access restriction bypass.

Resolution

Upgrade to 63.0.3239.84-1.

pacman -Syu "chromium>=63.0.3239.84-1"

The problems have been fixed upstream in version 63.0.3239.84.
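
To confirm whether a host still runs an affected build, the following added example (not part of the advisory or of Arch's tooling) classifies a line in `pacman -Q` format against the fixed version stated above. The function names are hypothetical and the sample lines are constructed; the comparison handles only numeric pkgver-pkgrel strings without an epoch, which is the form this advisory uses.

```shell
#!/bin/sh
# Added example: is a `pacman -Q` line covered by ASA-201712-5?
PKG="chromium"            # package named in the advisory
FIXED="63.0.3239.84-1"    # first fixed version, from the advisory

# Compare two dotted numeric strings segment by segment; prints -1, 0 or 1.
# Segments are compared as integers (so 108 > 84); a version with extra
# trailing segments counts as newer.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "$x" -lt "$y" ] && { echo -1; return 0; }
        [ "$x" -gt "$y" ] && { echo 1; return 0; }
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# Prints affected, fixed, other-package or unparsable for one "name version" line.
classify() {
    name=${1%% *} ver=${1#* }
    [ "$name" = "$PKG" ] || { echo "other-package"; return 0; }
    # Simplification (assumption): no epoch and no letters in the version.
    # Anything else is reported as unparsable rather than guessed at.
    printf '%s\n' "$ver" | grep -Eq '^[0-9]+(\.[0-9]+)*-[0-9]+(\.[0-9]+)?$' \
        || { echo "unparsable"; return 0; }
    c=$(cmp_dotted "${ver%-*}" "${FIXED%-*}")                        # pkgver first
    [ "$c" -eq 0 ] && c=$(cmp_dotted "${ver##*-}" "${FIXED##*-}")    # then pkgrel
    if [ "$c" -lt 0 ]; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample lines in `pacman -Q` format (not real host data).
for line in "chromium 62.0.3202.94-1" "chromium 63.0.3239.84-1" \
            "chromium 63.0.3239.108-1" "chromium 1:63.0.3239.84-1"; do
    printf '%-28s %s\n' "$line" "$(classify "$line")"
done
```

On an Arch host the input would be `classify "$(pacman -Q chromium)"`; the `vercmp` utility shipped with pacman is the general-purpose comparison when versions carry an epoch or letters.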

Workaround

None.

Description

  • CVE-2017-15407 (arbitrary code execution)

An out of bounds write has been found in the QUIC component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15408 (arbitrary code execution)

A heap-based buffer overflow has been found in the PDFium component of
the Chromium browser before 63.0.3239.84.

  • CVE-2017-15409 (arbitrary code execution)

An out of bounds write has been found in the Skia component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15410 (arbitrary code execution)

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

  • CVE-2017-15411 (arbitrary code execution)

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

  • CVE-2017-15412 (arbitrary code execution)

A use after free has been found in the libxml component of the Chromium
browser before 63.0.3239.84.

  • CVE-2017-15413 (arbitrary code execution)

A type confusion has been found in the WebAssembly component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15415 (information disclosure)

A pointer information disclosure has been found in the IPC call
component of the Chromium browser before 63.0.3239.84.

  • CVE-2017-15416 (information disclosure)

An out of bounds read has been found in the Blink component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15417 (information disclosure)

A cross-origin information disclosure has been found in the Skia
component of the Chromium browser before 63.0.3239.84.

  • CVE-2017-15418 (information disclosure)

A use of uninitialized value has been found in the Skia component of
the Chromium browser before 63.0.3239.84.

  • CVE-2017-15419 (information disclosure)

A cross-origin leak of redirect URL has been found in the Blink
component of the Chromium browser before 63.0.3239.84.

  • CVE-2017-15420 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15422 (arbitrary code execution)

An integer overflow has been found in the ICU component of the Chromium
browser before 63.0.3239.84.

  • CVE-2017-15423 (information disclosure)

An information disclosure issue has been found in the SPAKE
implementation of the BoringSSL component of the Chromium browser
before 63.0.3239.84.

  • CVE-2017-15424 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15425 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15426 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

  • CVE-2017-15427 (access restriction bypass)

Insufficient blocking of JavaScript has been found in the Omnibox
component of the Chromium browser before 63.0.3239.84.

Impact

A remote attacker can execute arbitrary code on the affected host,
spoof the URL, access sensitive information and bypass security
measures.

References

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/778505
https://crbug.com/762374
https://crbug.com/763972
https://crbug.com/765921
https://crbug.com/770148
https://crbug.com/727039
https://crbug.com/766666
https://crbug.com/765512
https://crbug.com/779314
https://crbug.com/699028
https://crbug.com/765858
https://crbug.com/780312
https://crbug.com/777419
https://crbug.com/774382
https://github.com/google/boringssl/commit/696c13bd6ab78011adfe7b775519c8b7cc82b604
https://crbug.com/778101
https://crbug.com/756226
https://crbug.com/756456
https://crbug.com/756735
https://crbug.com/768910
https://security.archlinux.org/CVE-2017-15407
https://security.archlinux.org/CVE-2017-15408
https://security.archlinux.org/CVE-2017-15409
https://security.archlinux.org/CVE-2017-15410
https://security.archlinux.org/CVE-2017-15411
https://security.archlinux.org/CVE-2017-15412
https://security.archlinux.org/CVE-2017-15413
https://security.archlinux.org/CVE-2017-15415
https://security.archlinux.org/CVE-2017-15416
https://security.archlinux.org/CVE-2017-15417
https://security.archlinux.org/CVE-2017-15418
https://security.archlinux.org/CVE-2017-15419
https://security.archlinux.org/CVE-2017-15420
https://security.archlinux.org/CVE-2017-15422
https://security.archlinux.org/CVE-2017-15423
https://security.archlinux.org/CVE-2017-15424
https://security.archlinux.org/CVE-2017-15425
https://security.archlinux.org/CVE-2017-15426
https://security.archlinux.org/CVE-2017-15427

OS         Version  Architecture  Package   Version           Filename
ArchLinux  any      any           chromium  < 63.0.3239.84-1  UNKNOWN
