ID CVE-2016-1613 Type cve Reporter NVD Modified 2016-12-07T13:32:56
Description
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
{"references": ["http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html", "https://codereview.chromium.org/1564773003", "https://security.gentoo.org/glsa/201603-09", "https://pdfium.googlesource.com/pdfium/+/dcac57bc8b64fdc870d79d11a498ae7021cf8ae7", "https://code.google.com/p/chromium/issues/detail?id=572871", "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html", "http://www.securityfocus.com/bid/81430", "http://rhn.redhat.com/errata/RHSA-2016-0072.html", "http://www.debian.org/security/2016/dsa-3456", "http://www.securitytracker.com/id/1034801"], "modified": "2016-12-07T13:32:56", "assessment": {"href": "", "system": "", "name": ""}, "cvelist": ["CVE-2016-1613"], "objectVersion": "1.2", "history": [], "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "id": "CVE-2016-1613", "viewCount": 5, "edition": 1, "scanner": [], "reporter": "NVD", "published": "2016-01-25T06:59:01", "lastseen": "2016-12-08T10:01:24", "hashmap": [{"key": "assessment", "hash": "65d5a89e1c9e4fd39cccde5dde742638"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8e6fb0fbcc9e71f6fd4fb8f4b7efce22"}, {"key": "cvelist", "hash": "845fef42ea440021864fb64486dc6bab"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "0d4c66b7f0acbed5380cccdf0474c468"}, {"key": "href", "hash": "abf8a3554ee4c5cc64fd7eb1521dddd0"}, {"key": "modified", "hash": "ebb61f885552c0012d5e1d98d9fc2c1b"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "959cbdbcbdcf92e2d42d5cf069c67348"}, {"key": "references", "hash": "e9b65e724a66d9bb178e35ac69d91c46"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "370f9cc9ce4ad75bc84a7b4d3c35741e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "cpe": ["cpe:/a:google:chrome:47.0.2526.106"], "hash": "e9a75c2f8bddad658776a539a912efff541561b7811c4b1f6dd660e17a9c7218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1613", "bulletinFamily": "NVD", "description": "Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.", "title": "CVE-2016-1613", "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-12-08T10:01:24"}, "vulnersScore": 6.8}}
{"freebsd": [{"lastseen": "2018-08-31T01:14:25", "references": ["http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "48.0.2564.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "chromium-pulse", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "48.0.2564.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "chromium-npapi", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "48.0.2564.82", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "chromium", "operator": "lt"}], "description": "\nGoogle Chrome Releases reports:\n\nThis update includes 37 security fixes, including:\n\n[497632] High CVE-2016-1612: Bad cast in V8.\n[572871] High CVE-2016-1613: Use-after-free in PDFium.\n[544691] Medium CVE-2016-1614: Information leak in Blink.\n[468179] Medium CVE-2016-1615: Origin confusion in Omnibox.\n[541415] Medium CVE-2016-1616: URL Spoofing.\n[544765] Medium CVE-2016-1617: History sniffing with HSTS and\n\t CSP.\n[552749] Medium CVE-2016-1618: Weak random number generator in\n\t Blink.\n[557223] Medium CVE-2016-1619: Out-of-bounds read in\n\t PDFium.\n[579625] CVE-2016-1620: Various fixes from internal audits,\n\t fuzzing and other initiatives.\nMultiple vulnerabilities in V8 fixed at the tip of the 4.8\n\t branch.\n\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2016-01-20T00:00:00", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-20T00:00:00", "id": "371BBEA9-3836-4832-9E70-E8E928727F8C", "href": "https://vuxml.freebsd.org/freebsd/371bbea9-3836-4832-9e70-e8e928727f8c.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:40:22", "references": ["http://www.nessus.org/u?7f4ae8d4"], "pluginID": "88089", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 48.0.2564.82. It is, therefore, affected by multiple vulnerabilities :\n\n - A unspecified vulnerability exists in Google V8 when handling compatible receiver checks hidden behind receptors. An attacker can exploit this to have an unspecified impact. No other details are available.\n (CVE-2016-1612)\n\n - A user-after-free error exists in PDFium due to improper invalidation of IPWL_FocusHandler and IPWL_Provider upon destruction. An attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1613)\n\n - An unspecified vulnerability exists in Blink that is related to the handling of bitmaps. An attacker can exploit this to access sensitive information. No other details are available. (CVE-2016-1614)\n\n - An unspecified vulnerability exists in omnibox that is related to origin confusion. An attacker can exploit this to have an unspecified impact. No other details are available. (CVE-2016-1615)\n\n - An unspecified vulnerability exists that allows an attacker to spoof a displayed URL. No other details are available. (CVE-2016-1616)\n\n - An unspecified vulnerability exists that is related to history sniffing with HSTS and CSP. No other details are available. (CVE-2016-1617)\n\n - A flaw exists in Blink due to the weak generation of random numbers by the ARC4-based random number generator. An attacker can exploit this to gain access to sensitive information. No other details are available. (CVE-2016-1618)\n\n - A out-of-bounds read error exists in PDFium in file fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb() functions. An attacker can exploit this to cause a denial of service by crashing the application linked using the library. (CVE-2016-1619)\n\n - Multiple vulnerabilities exist, the most serious of which allow an attacker to execute arbitrary code via a crafted web page. (CVE-2016-1620)", "edition": 5, "reporter": "Tenable", "published": "2016-01-22T00:00:00", "title": "Google Chrome < 48.0.2564.82 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_48_0_2564_82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88089);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2016-1612\",\n \"CVE-2016-1613\",\n \"CVE-2016-1614\",\n \"CVE-2016-1615\",\n \"CVE-2016-1616\",\n \"CVE-2016-1617\",\n \"CVE-2016-1618\",\n \"CVE-2016-1619\",\n \"CVE-2016-1620\"\n );\n\n script_name(english:\"Google Chrome < 48.0.2564.82 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 48.0.2564.82. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A unspecified vulnerability exists in Google V8 when\n handling compatible receiver checks hidden behind\n receptors. An attacker can exploit this to have an\n unspecified impact. No other details are available.\n (CVE-2016-1612)\n\n - A user-after-free error exists in PDFium due to improper\n invalidation of IPWL_FocusHandler and IPWL_Provider upon\n destruction. An attacker can exploit this to deference\n already freed memory, resulting in the execution of\n arbitrary code. (CVE-2016-1613)\n\n - An unspecified vulnerability exists in Blink that is\n related to the handling of bitmaps. An attacker can\n exploit this to access sensitive information. No other\n details are available. (CVE-2016-1614)\n\n - An unspecified vulnerability exists in omnibox that is\n related to origin confusion. An attacker can exploit\n this to have an unspecified impact. No other details are\n available. (CVE-2016-1615)\n\n - An unspecified vulnerability exists that allows an\n attacker to spoof a displayed URL. No other details are\n available. (CVE-2016-1616)\n\n - An unspecified vulnerability exists that is related to\n history sniffing with HSTS and CSP. No other details\n are available. (CVE-2016-1617)\n\n - A flaw exists in Blink due to the weak generation of\n random numbers by the ARC4-based random number\n generator. An attacker can exploit this to gain\n access to sensitive information. No other details are\n available. (CVE-2016-1618)\n\n - A out-of-bounds read error exists in PDFium in file\n fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb()\n functions. An attacker can exploit this to cause a\n denial of service by crashing the application linked\n using the library. (CVE-2016-1619)\n\n - Multiple vulnerabilities exist, the most serious of\n which allow an attacker to execute arbitrary code via a\n crafted web page. (CVE-2016-1620)\");\n # http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?7f4ae8d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 48.0.2564.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'48.0.2564.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:28", "references": ["http://www.nessus.org/u?be197a18", "http://www.nessus.org/u?5e8b52d0"], "pluginID": "88067", "description": "Google Chrome Releases reports :\n\nThis update includes 37 security fixes, including :\n\n- [497632] High CVE-2016-1612: Bad cast in V8.\n\n- [572871] High CVE-2016-1613: Use-after-free in PDFium.\n\n- [544691] Medium CVE-2016-1614: Information leak in Blink.\n\n- [468179] Medium CVE-2016-1615: Origin confusion in Omnibox.\n\n- [541415] Medium CVE-2016-1616: URL Spoofing.\n\n- [544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP.\n\n- [552749] Medium CVE-2016-1618: Weak random number generator in Blink.\n\n- [557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium.\n\n- [579625] CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch.", "edition": 5, "reporter": "Tenable", "published": "2016-01-22T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (371bbea9-3836-4832-9e70-e8e928727f8c)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-10-19T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium-npapi", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_371BBEA9383648329E70E8E928727F8C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88067", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88067);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:02:54 $\");\n\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (371bbea9-3836-4832-9e70-e8e928727f8c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\nThis update includes 37 security fixes, including :\n\n- [497632] High CVE-2016-1612: Bad cast in V8.\n\n- [572871] High CVE-2016-1613: Use-after-free in PDFium.\n\n- [544691] Medium CVE-2016-1614: Information leak in Blink.\n\n- [468179] Medium CVE-2016-1615: Origin confusion in Omnibox.\n\n- [541415] Medium CVE-2016-1616: URL Spoofing.\n\n- [544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP.\n\n- [552749] Medium CVE-2016-1618: Weak random number generator in\nBlink.\n\n- [557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium.\n\n- [579625] CVE-2016-1620: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch.\"\n );\n # http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be197a18\"\n );\n # http://www.freebsd.org/ports/portaudit/371bbea9-3836-4832-9e70-e8e928727f8c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e8b52d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<48.0.2564.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<48.0.2564.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<48.0.2564.82\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:58", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=963186", "https://bugzilla.opensuse.org/show_bug.cgi?id=963185", "https://bugzilla.opensuse.org/show_bug.cgi?id=963188", "https://bugzilla.opensuse.org/show_bug.cgi?id=963187", "https://bugzilla.opensuse.org/show_bug.cgi?id=963189", "https://bugzilla.opensuse.org/show_bug.cgi?id=963191", "https://bugzilla.opensuse.org/show_bug.cgi?id=963192", "https://bugzilla.opensuse.org/show_bug.cgi?id=963190", "https://bugzilla.opensuse.org/show_bug.cgi?id=963184"], "pluginID": "88539", "description": "Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n\n - CVE-2016-1616: URL Spoofing (boo#963188)\n\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\nThis update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension.", "edition": 5, "reporter": "Tenable", "published": "2016-02-03T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-109)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-109.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-109.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88539);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-109)\");\n script_summary(english:\"Check for the openSUSE-2016-109 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n\n - CVE-2016-1616: URL Spoofing (boo#963188)\n\n - CVE-2016-1617: History sniffing with HSTS and CSP\n (boo#963189)\n\n - CVE-2016-1618: Weak random number generator in Blink\n (boo#963190)\n\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n\n - CVE-2016-1620 chromium-browser: various fixes\n (boo#963192)\n\nThis update also enables SSE2 support on x86_64, VA-API hardware\nacceleration and fixes a crash when trying to enable the Chromecast\nextension.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963192\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-48.0.2564.82-122.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-48.0.2564.82-122.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:23", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=963186", "https://bugzilla.opensuse.org/show_bug.cgi?id=963185", "https://bugzilla.opensuse.org/show_bug.cgi?id=963188", "https://bugzilla.opensuse.org/show_bug.cgi?id=963187", "https://bugzilla.opensuse.org/show_bug.cgi?id=963189", "https://bugzilla.opensuse.org/show_bug.cgi?id=963191", "https://bugzilla.opensuse.org/show_bug.cgi?id=963192", "https://bugzilla.opensuse.org/show_bug.cgi?id=963190", "https://bugzilla.opensuse.org/show_bug.cgi?id=963184"], "pluginID": "88402", "description": "Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n\n - CVE-2016-1616: URL Spoofing (boo#963188)\n\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\nThis update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension.", "edition": 5, "reporter": "Tenable", "published": "2016-01-27T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-99)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-10-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-99.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88402", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-99.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88402);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:13 $\");\n\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-99)\");\n script_summary(english:\"Check for the openSUSE-2016-99 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n\n - CVE-2016-1616: URL Spoofing (boo#963188)\n\n - CVE-2016-1617: History sniffing with HSTS and CSP\n (boo#963189)\n\n - CVE-2016-1618: Weak random number generator in Blink\n (boo#963190)\n\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n\n - CVE-2016-1620 chromium-browser: various fixes\n (boo#963192)\n\nThis update also enables SSE2 support on x86_64, VA-API hardware\nacceleration and fixes a crash when trying to enable the Chromecast\nextension.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963192\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-48.0.2564.82-67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-debuginfo-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-48.0.2564.82-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-debuginfo-48.0.2564.82-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:57", "references": ["http://www.nessus.org/u?7f4ae8d4"], "pluginID": "88088", "description": "The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.82. It is, therefore, affected by multiple vulnerabilities :\n\n - A unspecified vulnerability exists in Google V8 when handling compatible receiver checks hidden behind receptors. An attacker can exploit this to have an unspecified impact. No other details are available.\n (CVE-2016-1612)\n\n - A user-after-free error exists in PDFium due to improper invalidation of IPWL_FocusHandler and IPWL_Provider upon destruction. An attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1613)\n\n - An unspecified vulnerability exists in Blink that is related to the handling of bitmaps. An attacker can exploit this to access sensitive information. No other details are available. (CVE-2016-1614)\n\n - An unspecified vulnerability exists in omnibox that is related to origin confusion. An attacker can exploit this to have an unspecified impact. No other details are available. (CVE-2016-1615)\n\n - An unspecified vulnerability exists that allows an attacker to spoof a displayed URL. No other details are available. (CVE-2016-1616)\n\n - An unspecified vulnerability exists that is related to history sniffing with HSTS and CSP. No other details are available. (CVE-2016-1617)\n\n - A flaw exists in Blink due to the weak generation of random numbers by the ARC4-based random number generator. An attacker can exploit this to gain access to sensitive information. No other details are available. (CVE-2016-1618)\n\n - A out-of-bounds read error exists in PDFium in file fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb() functions. An attacker can exploit this to cause a denial of service by crashing the application linked using the library. (CVE-2016-1619)\n\n - Multiple vulnerabilities exist, the most serious of which allow an attacker to execute arbitrary code via a crafted web page. (CVE-2016-1620)", "edition": 5, "reporter": "Tenable", "published": "2016-01-22T00:00:00", "title": "Google Chrome < 48.0.2564.82 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_48_0_2564_82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88088", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88088);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2016-1612\",\n \"CVE-2016-1613\",\n \"CVE-2016-1614\",\n \"CVE-2016-1615\",\n \"CVE-2016-1616\",\n \"CVE-2016-1617\",\n \"CVE-2016-1618\",\n \"CVE-2016-1619\",\n \"CVE-2016-1620\"\n );\n\n script_name(english:\"Google Chrome < 48.0.2564.82 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 48.0.2564.82. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A unspecified vulnerability exists in Google V8 when\n handling compatible receiver checks hidden behind\n receptors. An attacker can exploit this to have an\n unspecified impact. No other details are available.\n (CVE-2016-1612)\n\n - A user-after-free error exists in PDFium due to improper\n invalidation of IPWL_FocusHandler and IPWL_Provider upon\n destruction. An attacker can exploit this to deference\n already freed memory, resulting in the execution of\n arbitrary code. (CVE-2016-1613)\n\n - An unspecified vulnerability exists in Blink that is\n related to the handling of bitmaps. An attacker can\n exploit this to access sensitive information. No other\n details are available. (CVE-2016-1614)\n\n - An unspecified vulnerability exists in omnibox that is\n related to origin confusion. An attacker can exploit\n this to have an unspecified impact. No other details are\n available. (CVE-2016-1615)\n\n - An unspecified vulnerability exists that allows an\n attacker to spoof a displayed URL. No other details are\n available. (CVE-2016-1616)\n\n - An unspecified vulnerability exists that is related to\n history sniffing with HSTS and CSP. No other details\n are available. (CVE-2016-1617)\n\n - A flaw exists in Blink due to the weak generation of\n random numbers by the ARC4-based random number\n generator. An attacker can exploit this to gain\n access to sensitive information. No other details are\n available. (CVE-2016-1618)\n\n - A out-of-bounds read error exists in PDFium in file\n fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb()\n functions. An attacker can exploit this to cause a\n denial of service by crashing the application linked\n using the library. (CVE-2016-1619)\n\n - Multiple vulnerabilities exist, the most serious of\n which allow an attacker to execute arbitrary code via a\n crafted web page. (CVE-2016-1620)\");\n # http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?7f4ae8d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 48.0.2564.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'48.0.2564.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:56", "references": ["https://security-tracker.debian.org/tracker/CVE-2016-1616", "https://security-tracker.debian.org/tracker/CVE-2016-1612", "https://security-tracker.debian.org/tracker/CVE-2016-1614", "https://security-tracker.debian.org/tracker/CVE-2016-1613", "https://security-tracker.debian.org/tracker/CVE-2016-1619", "https://security-tracker.debian.org/tracker/CVE-2016-1617", "https://security-tracker.debian.org/tracker/CVE-2016-1615", "https://security-tracker.debian.org/tracker/CVE-2016-1618", "https://security-tracker.debian.org/tracker/CVE-2016-1620", "http://www.debian.org/security/2016/dsa-3456", "https://packages.debian.org/source/jessie/chromium-browser", "https://security-tracker.debian.org/tracker/CVE-2015-6792"], "pluginID": "88425", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-6792 An issue was found in the handling of MIDI files.\n\n - CVE-2016-1612 cloudfuzzer discovered a logic error related to receiver compatibility in the v8 JavaScript library.\n\n - CVE-2016-1613 A use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-1614 Christoph Diehl discovered an information leak in Webkit/Blink.\n\n - CVE-2016-1615 Ron Masas discovered a way to spoof URLs.\n\n - CVE-2016-1616 Luan Herrera discovered a way to spoof URLs.\n\n - CVE-2016-1617 jenuis discovered a way to discover whether an HSTS website had been visited.\n\n - CVE-2016-1618 Aaron Toponce discovered the use of weak random number generator.\n\n - CVE-2016-1619 Keve Nagy discovered an out-of-bounds-read issue in the pdfium library.\n\n - CVE-2016-1620 The chrome 48 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 JavaScript library, version 4.7.271.17.", "edition": 7, "reporter": "Tenable", "published": "2016-01-28T00:00:00", "title": "Debian DSA-3456-1 : chromium-browser - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2015-6792", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:chromium-browser"], "id": "DEBIAN_DSA-3456.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3456. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88425);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-6792\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\");\n script_xref(name:\"DSA\", value:\"3456\");\n\n script_name(english:\"Debian DSA-3456-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-6792\n An issue was found in the handling of MIDI files.\n\n - CVE-2016-1612\n cloudfuzzer discovered a logic error related to receiver\n compatibility in the v8 JavaScript library.\n\n - CVE-2016-1613\n A use-after-free issue was discovered in the pdfium\n library.\n\n - CVE-2016-1614\n Christoph Diehl discovered an information leak in\n Webkit/Blink.\n\n - CVE-2016-1615\n Ron Masas discovered a way to spoof URLs.\n\n - CVE-2016-1616\n Luan Herrera discovered a way to spoof URLs.\n\n - CVE-2016-1617\n jenuis discovered a way to discover whether an HSTS\n website had been visited.\n\n - CVE-2016-1618\n Aaron Toponce discovered the use of weak random number\n generator.\n\n - CVE-2016-1619\n Keve Nagy discovered an out-of-bounds-read issue in the\n pdfium library.\n\n - CVE-2016-1620\n The chrome 48 development team found and fixed various\n issues during internal auditing. Also multiple issues\n were fixed in the v8 JavaScript library, version\n 4.7.271.17.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2016/dsa-3456\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 48.0.2564.82-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"48.0.2564.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"48.0.2564.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"48.0.2564.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"48.0.2564.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"48.0.2564.82-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-07T05:40:04", "references": ["https://www.redhat.com/security/data/cve/CVE-2016-1616.html", "https://www.redhat.com/security/data/cve/CVE-2016-2052.html", "https://www.redhat.com/security/data/cve/CVE-2016-1619.html", "https://www.redhat.com/security/data/cve/CVE-2016-1615.html", "https://www.redhat.com/security/data/cve/CVE-2016-1612.html", "https://www.redhat.com/security/data/cve/CVE-2015-8947.html", "https://www.redhat.com/security/data/cve/CVE-2016-1620.html", "https://www.redhat.com/security/data/cve/CVE-2016-1614.html", "https://www.redhat.com/security/data/cve/CVE-2016-1613.html", "https://www.redhat.com/security/data/cve/CVE-2016-1617.html", "https://www.redhat.com/security/data/cve/CVE-2016-1618.html", "http://googlechromereleases.blogspot.com/2016/01/", "http://rhn.redhat.com/errata/RHSA-2016-0072.html", "https://www.redhat.com/security/data/cve/CVE-2016-2051.html"], "pluginID": "88447", "description": "Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "edition": 9, "reporter": "Tenable", "published": "2016-01-28T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:0072)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-2051", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-2052", "CVE-2015-8947", "CVE-2016-1614"], "modified": "2018-09-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0072.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88447", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0072. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88447);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/09/06 11:58:20\");\n\n script_cve_id(\"CVE-2015-8947\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-2051\", \"CVE-2016-2052\");\n script_xref(name:\"RHSA\", value:\"2016:0072\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:0072)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash,\nexecute arbitrary code, or disclose sensitive information when visited\nby the victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614,\nCVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618,\nCVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.com/2016/01/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-8947.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1612.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1613.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1614.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1615.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1616.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1617.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1618.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1619.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-1620.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-2051.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-2052.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0072\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-48.0.2564.82-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-48.0.2564.82-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-48.0.2564.82-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-48.0.2564.82-1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:26", "references": ["https://security.gentoo.org/glsa/201603-09"], "pluginID": "89902", "description": "The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2016-03-14T00:00:00", "title": "GLSA-201603-09 : Chromium: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", "CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "modified": "2016-10-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201603-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89902);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:25:16 $\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", \"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_xref(name:\"GLSA\", value:\"201603-09\");\n\n script_name(english:\"GLSA-201603-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-49.0.2623.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 49.0.2623.87\"), vulnerable:make_list(\"lt 49.0.2623.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:35", "references": ["https://access.redhat.com/security/cve/CVE-2016-1615", "https://access.redhat.com/security/cve/CVE-2016-1618", "http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html", "https://access.redhat.com/security/cve/CVE-2016-1613", "https://access.redhat.com/security/cve/CVE-2016-1614", "https://access.redhat.com/security/cve/CVE-2016-1612", "https://access.redhat.com/security/cve/CVE-2016-1617", "https://access.redhat.com/security/cve/CVE-2016-1616", "https://access.redhat.com/security/cve/CVE-2016-1620", "https://access.redhat.com/security/cve/CVE-2016-1619"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "48.0.2564.82-1", "packageFilename": "UNKNOWN", "packageName": "chromium", "arch": "any", "operator": "lt"}], "edition": 1, "description": "- CVE-2016-1612:\n\nThe LoadIC::UpdateCaches function in ic/ic.cc in Google V8 does not\nensure receiver compatibility before performing a cast of an unspecified\nvariable, which allows remote attackers to cause a denial of service or\npossibly have unknown other impact via crafted JavaScript code. Credit\nto cloudfuzzer.\n\n- CVE-2016-1613:\n\nMultiple use-after-free vulnerabilities in the formfiller implementation\nin PDFium allow remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted PDF document,\nrelated to improper tracking of the destruction of (1) IPWL_FocusHandler\nand (2) IPWL_Provider objects.\n\n- CVE-2016-1614:\n\nThe UnacceleratedImageBufferSurface class in\nWebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in\nBlink mishandles the initialization mode, which allows remote attackers\nto obtain sensitive information from process memory via a crafted web\nsite. Credit to Christoph Diehl.\n\n- CVE-2016-1615:\n\nThe Omnibox implementation allows remote attackers to spoof a document's\norigin via unspecified vectors. Credit to Ron Masas.\n\n- CVE-2016-1616:\n\nThe CustomButton::AcceleratorPressed function in\nui/views/controls/button/custom_button.cc allows remote attackers to\nspoof URLs via vectors involving an unfocused custom button. Credit to\nLuan Herrera.\n\n- CVE-2016-1617:\n\nThe CSPSource::schemeMatches function in\nWebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security\nPolicy (CSP) implementation in Blink does not apply http policies to\nhttps URLs and does not apply ws policies to wss URLs, which makes it\neasier for remote attackers to determine whether a specific HSTS web\nsite has been visited by reading a CSP report. Credit to Yan Zhu.\n\n- CVE-2016-1618:\n\nBlink does not ensure that a proper cryptographicallyRandomValues random\nnumber generator is used, which makes it easier for remote attackers to\ndefeat cryptographic protection mechanisms via unspecified vectors.\nCredit to Aaron Toponce.\n\n- CVE-2016-1619:\n\nMultiple integer overflows in the sycc422_to_rgb and sycc444_to_rgb\nfunctions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium allow remote\nattackers to cause a denial of service (out-of-bounds read) or possibly\nhave unspecified other impact via a crafted PDF document. Credit to Keve\nNagy.\n\n- CVE-2016-1620:\n\nVarious fixes from internal audits, fuzzing and other initiatives.", "reporter": "Arch Linux", "published": "2016-01-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "chromium: multiple issues", "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-25T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html", "id": "ASA-201601-28", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:48:02", "references": ["2016:0250_1"], "pluginID": "1361412562310851169", "description": "Check the version of Chromium", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-27T00:00:00", "title": "SuSE Update for Chromium openSUSE-SU-2016:0250-1 (Chromium)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310851169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851169", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_0250_1.nasl 8047 2017-12-08 08:56:07Z santu $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:0250-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851169\");\n script_version(\"$Revision: 8047 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:56:07 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-27 05:13:13 +0100 (Wed, 27 Jan 2016)\");\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\",\n \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\",\n \"CVE-2016-1620\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:0250-1 (Chromium)\");\n script_tag(name: \"summary\", value: \"Check the version of Chromium\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n - CVE-2016-1616: URL Spoofing (boo#963188)\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\n This update also enables SSE2 support on x86_64, VA-API hardware\n acceleration and fixes a crash when trying to enable the Chromecast\n extension.\");\n script_tag(name: \"affected\", value: \"Chromium on openSUSE 13.2\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2016:0250_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~48.0.2564.82~67.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:30", "references": ["2016:0271_1"], "pluginID": "1361412562310851172", "description": "Check the version of Chromium", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-28T00:00:00", "title": "SuSE Update for Chromium openSUSE-SU-2016:0271-1 (Chromium)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310851172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851172", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_0271_1.nasl 8047 2017-12-08 08:56:07Z santu $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:0271-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851172\");\n script_version(\"$Revision: 8047 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:56:07 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-28 06:33:45 +0100 (Thu, 28 Jan 2016)\");\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\",\n \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\",\n \"CVE-2016-1620\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:0271-1 (Chromium)\");\n script_tag(name: \"summary\", value: \"Check the version of Chromium\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n - CVE-2016-1616: URL Spoofing (boo#963188)\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\n This update also enables SSE2 support on x86_64, VA-API hardware\n acceleration and fixes a crash when trying to enable the Chromecast\n extension.\");\n script_tag(name: \"affected\", value: \"Chromium on openSUSE 13.1\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"openSUSE-SU\", value: \"2016:0271_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~48.0.2564.82~122.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:05", "references": ["https://advisories.mageia.org/MGASA-2016-0042.html"], "pluginID": "1361412562310131200", "description": "Mageia Linux Local Security Checks mgasa-2016-0042", "edition": 4, "reporter": "Eero Volotinen", "published": "2016-02-02T00:00:00", "title": "Mageia Linux Local Check: mgasa-2016-0042", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Mageia Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310131200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131200", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Mageia Linux security check \n# $Id: mgasa-2016-0042.nasl 6562 2017-07-06 12:22:42Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.131200\");\nscript_version(\"$Revision: 6562 $\");\nscript_tag(name:\"creation_date\", value:\"2016-02-02 07:44:17 +0200 (Tue, 02 Feb 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:22:42 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Mageia Linux Local Check: mgasa-2016-0042\");\nscript_tag(name: \"insight\", value: \"The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. (CVE-2016-1612) Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. (CVE-2016-1613) The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. (CVE-2016-1614) The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. (CVE-2016-1615) The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. (CVE-2016-1616) The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-1617) Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (CVE-2016-1618) Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. (CVE-2016-1619) Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1620) The included V8 version 4.8.271.17 fixes multiple vulnerabilities.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://advisories.mageia.org/MGASA-2016-0042.html\");\nscript_cve_id(\"CVE-2016-1612\",\"CVE-2016-1613\",\"CVE-2016-1614\",\"CVE-2016-1615\",\"CVE-2016-1616\",\"CVE-2016-1617\",\"CVE-2016-1618\",\"CVE-2016-1619\",\"CVE-2016-1620\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name : \"summary\", value : \"Mageia Linux Local Security Checks mgasa-2016-0042\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Mageia Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"chromium-browser-stable\", rpm:\"chromium-browser-stable~48.0.2564.97~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:52", "references": ["http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html"], "pluginID": "1361412562310806666", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-22T00:00:00", "title": "Google Chrome Multiple Vulnerabilities-02 Jan16 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-2051", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-2052", "CVE-2016-1614"], "modified": "2018-06-08T00:00:00", "id": "OPENVAS:1361412562310806666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806666", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan16_win.nasl 10133 2018-06-08 11:13:34Z asteins $\n#\n# Google Chrome Multiple Vulnerabilities-02 Jan16 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806666\");\n script_version(\"$Revision: 10133 $\");\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\",\n \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\",\n \"CVE-2016-1620\", \"CVE-2016-2051\", \"CVE-2016-2052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 13:13:34 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 14:46:18 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Jan16 (Windows)\");\n\n script_tag(name: \"summary\" , value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n - Bad cast in V8.\n - Use-after-free error in PDFium.\n - Information leak error in Blink.\n - Origin confusion error in Omnibox.\n - URL Spoofing.\n - History sniffing with HSTS and CSP.\n - Weak random number generator in Blink.\n - Out-of-bounds read in PDFium.\n - Multiple Other Vulnerabilities.\n - Other Unspecified Vulnerabilities.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation would allow a remote\n attacker to conduct URL spoofing attacks, bypass certain security restrictions,\n gain access to sensitive information, cause a denial of service condition or\n possibly have unspecified other impact.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Google Chrome versions prior to 48.0.2564.82\n on Windows.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Google Chrome version\n 48.0.2564.82 or later, For updates refer to http://www.google.com/chrome\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"48.0.2564.82\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 48.0.2564.82' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:11", "references": ["http://www.debian.org/security/2016/dsa-3456.html"], "pluginID": "703456", "description": "Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2015-6792\nAn issue was found in the handling of MIDI files.\n\nCVE-2016-1612\ncloudfuzzer discovered a logic error related to receiver\ncompatibility in the v8 javascript library.\n\nCVE-2016-1613\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-1614\nChristoph Diehl discovered an information leak in Webkit/Blink.\n\nCVE-2016-1615\nRon Masas discovered a way to spoof URLs.\n\nCVE-2016-1616\nLuan Herrera discovered a way to spoof URLs.\n\nCVE-2016-1617\njenuis discovered a way to discover whether an HSTS web site had\nbeen visited.\n\nCVE-2016-1618\nAaron Toponce discovered the use of weak random number\ngenerator.\n\nCVE-2016-1619\nKeve Nagy discovered an out-of-bounds-read issue in the pdfium\nlibrary.\n\nCVE-2016-1620\nThe chrome 48 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.271.17.", "edition": 2, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-01-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 3456-1 (chromium-browser - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2015-6792", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703456", "id": "OPENVAS:703456", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3456.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3456-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703456);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-6792\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\",\n \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\",\n \"CVE-2016-1619\", \"CVE-2016-1620\");\n script_name(\"Debian Security Advisory DSA 3456-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-01-27 00:00:00 +0100 (Wed, 27 Jan 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3456.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 48.0.2564.82-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 48.0.2564.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2015-6792\nAn issue was found in the handling of MIDI files.\n\nCVE-2016-1612\ncloudfuzzer discovered a logic error related to receiver\ncompatibility in the v8 javascript library.\n\nCVE-2016-1613\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-1614\nChristoph Diehl discovered an information leak in Webkit/Blink.\n\nCVE-2016-1615\nRon Masas discovered a way to spoof URLs.\n\nCVE-2016-1616\nLuan Herrera discovered a way to spoof URLs.\n\nCVE-2016-1617\njenuis discovered a way to discover whether an HSTS web site had\nbeen visited.\n\nCVE-2016-1618\nAaron Toponce discovered the use of weak random number\ngenerator.\n\nCVE-2016-1619\nKeve Nagy discovered an out-of-bounds-read issue in the pdfium\nlibrary.\n\nCVE-2016-1620\nThe chrome 48 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.271.17.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:16", "references": ["http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html"], "pluginID": "1361412562310806668", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-22T00:00:00", "title": "Google Chrome Multiple Vulnerabilities-02 Jan16 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-2051", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-2052", "CVE-2016-1614"], "modified": "2017-03-29T00:00:00", "id": "OPENVAS:1361412562310806668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806668", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan16_lin.nasl 5759 2017-03-29 09:01:08Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-02 Jan16 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806668\");\n script_version(\"$Revision: 5759 $\");\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\",\n \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\",\n \"CVE-2016-1620\", \"CVE-2016-2051\", \"CVE-2016-2052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-29 11:01:08 +0200 (Wed, 29 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 14:59:52 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Jan16 (Linux)\");\n\n script_tag(name: \"summary\" , value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n - Bad cast in V8.\n - Use-after-free error in PDFium.\n - Information leak error in Blink.\n - Origin confusion error in Omnibox.\n - URL Spoofing.\n - History sniffing with HSTS and CSP.\n - Weak random number generator in Blink.\n - Out-of-bounds read in PDFium.\n - Multiple Other Vulnerabilities.\n - Other Unspecified Vulnerabilities.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation would allow a remote\n attacker to conduct URL spoofing attacks, bypass certain security restrictions,\n gain access to sensitive information, cause a denial of service condition or\n possibly have unspecified other impact.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Google Chrome versions prior to 48.0.2564.82\n on Linux.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Google Chrome version\n 48.0.2564.82 or later, For updates refer to http://www.google.com/chrome\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get version\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_less(version:chromeVer, test_version:\"48.0.2564.82\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 48.0.2564.82' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:32", "references": ["http://www.debian.org/security/2016/dsa-3456.html"], "pluginID": "1361412562310703456", "description": "Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2015-6792\nAn issue was found in the handling of MIDI files.\n\nCVE-2016-1612\ncloudfuzzer discovered a logic error related to receiver\ncompatibility in the v8 javascript library.\n\nCVE-2016-1613\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-1614\nChristoph Diehl discovered an information leak in Webkit/Blink.\n\nCVE-2016-1615\nRon Masas discovered a way to spoof URLs.\n\nCVE-2016-1616\nLuan Herrera discovered a way to spoof URLs.\n\nCVE-2016-1617\njenuis discovered a way to discover whether an HSTS web site had\nbeen visited.\n\nCVE-2016-1618\nAaron Toponce discovered the use of weak random number\ngenerator.\n\nCVE-2016-1619\nKeve Nagy discovered an out-of-bounds-read issue in the pdfium\nlibrary.\n\nCVE-2016-1620\nThe chrome 48 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.271.17.", "edition": 3, "reporter": "Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net", "published": "2016-01-27T00:00:00", "title": "Debian Security Advisory DSA 3456-1 (chromium-browser - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2015-6792", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:1361412562310703456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703456", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3456.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3456-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703456\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2015-6792\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\",\n \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\",\n \"CVE-2016-1619\", \"CVE-2016-1620\");\n script_name(\"Debian Security Advisory DSA 3456-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-01-27 00:00:00 +0100 (Wed, 27 Jan 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3456.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 48.0.2564.82-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 48.0.2564.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were\ndiscovered in the chromium web browser.\n\nCVE-2015-6792\nAn issue was found in the handling of MIDI files.\n\nCVE-2016-1612\ncloudfuzzer discovered a logic error related to receiver\ncompatibility in the v8 javascript library.\n\nCVE-2016-1613\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-1614\nChristoph Diehl discovered an information leak in Webkit/Blink.\n\nCVE-2016-1615\nRon Masas discovered a way to spoof URLs.\n\nCVE-2016-1616\nLuan Herrera discovered a way to spoof URLs.\n\nCVE-2016-1617\njenuis discovered a way to discover whether an HSTS web site had\nbeen visited.\n\nCVE-2016-1618\nAaron Toponce discovered the use of weak random number\ngenerator.\n\nCVE-2016-1619\nKeve Nagy discovered an out-of-bounds-read issue in the pdfium\nlibrary.\n\nCVE-2016-1620\nThe chrome 48 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.271.17.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"48.0.2564.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:28", "references": ["http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html"], "pluginID": "1361412562310806667", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-01-22T00:00:00", "title": "Google Chrome Multiple Vulnerabilities-02 Jan16 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1612", "CVE-2016-2051", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-2052", "CVE-2016-1614"], "modified": "2017-03-20T00:00:00", "id": "OPENVAS:1361412562310806667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan16_macosx.nasl 5612 2017-03-20 10:00:41Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-02 Jan16 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806667\");\n script_version(\"$Revision: 5612 $\");\n script_cve_id(\"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\",\n \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\",\n \"CVE-2016-1620\", \"CVE-2016-2051\", \"CVE-2016-2052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-20 11:00:41 +0100 (Mon, 20 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 14:58:05 +0530 (Fri, 22 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Jan16 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n - Bad cast in V8.\n - Use-after-free error in PDFium.\n - Information leak error in Blink.\n - Origin confusion error in Omnibox.\n - URL Spoofing.\n - History sniffing with HSTS and CSP.\n - Weak random number generator in Blink.\n - Out-of-bounds read in PDFium.\n - Multiple Other Vulnerabilities.\n - Other Unspecified Vulnerabilities.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation would allow a remote\n attacker to conduct URL spoofing attacks, bypass certain security restrictions,\n gain access to sensitive information, cause a denial of service condition or\n possibly have unspecified other impact.\n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Google Chrome versions prior to 48.0.2564.82\n on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Google Chrome version\n 48.0.2564.82 or later, For updates refer to http://www.google.com/chrome\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2016/01/stable-channel-update_20.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get version\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_less(version:chromeVer, test_version:\"48.0.2564.82\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 48.0.2564.82' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:56", "references": ["https://security.gentoo.org/glsa/201603-09"], "pluginID": "1361412562310121451", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201603-09", "edition": 5, "reporter": "Eero Volotinen", "published": "2016-03-14T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201603-09", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", "CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:1361412562310121451", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121451", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201603-09.nasl 8029 2017-12-07 12:38:42Z teissa $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# OpenVAS and security consultance available from openvas@solinor.com\n# see https://solinor.fi/openvas-en/ for more information\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121451\");\nscript_version(\"$Revision: 8029 $\");\nscript_tag(name:\"creation_date\", value:\"2016-03-14 15:52:45 +0200 (Mon, 14 Mar 2016)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 13:38:42 +0100 (Thu, 07 Dec 2017) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201603-09\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201603-09\");\nscript_cve_id(\"CVE-2015-1270\",\"CVE-2015-1271\",\"CVE-2015-1272\",\"CVE-2015-1273\",\"CVE-2015-1274\",\"CVE-2015-1275\",\"CVE-2015-1276\",\"CVE-2015-1277\",\"CVE-2015-1278\",\"CVE-2015-1279\",\"CVE-2015-1280\",\"CVE-2015-1281\",\"CVE-2015-1282\",\"CVE-2015-1283\",\"CVE-2015-1284\",\"CVE-2015-1285\",\"CVE-2015-1286\",\"CVE-2015-1287\",\"CVE-2015-1288\",\"CVE-2015-1289\",\"CVE-2015-1291\",\"CVE-2015-1292\",\"CVE-2015-1293\",\"CVE-2015-1294\",\"CVE-2015-1295\",\"CVE-2015-1296\",\"CVE-2015-1297\",\"CVE-2015-1298\",\"CVE-2015-1299\",\"CVE-2015-1300\",\"CVE-2015-1302\",\"CVE-2015-1303\",\"CVE-2015-1304\",\"CVE-2015-6755\",\"CVE-2015-6756\",\"CVE-2015-6757\",\"CVE-2015-6758\",\"CVE-2015-6759\",\"CVE-2015-6760\",\"CVE-2015-6761\",\"CVE-2015-6762\",\"CVE-2015-6763\",\"CVE-2015-6764\",\"CVE-2015-6765\",\"CVE-2015-6766\",\"CVE-2015-6767\",\"CVE-2015-6768\",\"CVE-2015-6769\",\"CVE-2015-6770\",\"CVE-2015-6771\",\"CVE-2015-6772\",\"CVE-2015-6773\",\"CVE-2015-6774\",\"CVE-2015-6775\",\"CVE-2015-6776\",\"CVE-2015-6777\",\"CVE-2015-6778\",\"CVE-2015-6779\",\"CVE-2015-6780\",\"CVE-2015-6781\",\"CVE-2015-6782\",\"CVE-2015-6783\",\"CVE-2015-6784\",\"CVE-2015-6785\",\"CVE-2015-6786\",\"CVE-2015-6787\",\"CVE-2015-6788\",\"CVE-2015-6789\",\"CVE-2015-6790\",\"CVE-2015-6791\",\"CVE-2015-6792\",\"CVE-2015-8126\",\"CVE-2016-1612\",\"CVE-2016-1613\",\"CVE-2016-1614\",\"CVE-2016-1615\",\"CVE-2016-1616\",\"CVE-2016-1617\",\"CVE-2016-1618\",\"CVE-2016-1619\",\"CVE-2016-1620\",\"CVE-2016-1621\",\"CVE-2016-1622\",\"CVE-2016-1623\",\"CVE-2016-1624\",\"CVE-2016-1625\",\"CVE-2016-1626\",\"CVE-2016-1627\",\"CVE-2016-1628\",\"CVE-2016-1629\",\"CVE-2016-1630\",\"CVE-2016-1631\",\"CVE-2016-1632\",\"CVE-2016-1633\",\"CVE-2016-1634\",\"CVE-2016-1635\",\"CVE-2016-1636\",\"CVE-2016-1637\",\"CVE-2016-1638\",\"CVE-2016-1639\",\"CVE-2016-1640\",\"CVE-2016-1641\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name: \"summary\" , value: \"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201603-09\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 49.0.2623.87\"), vulnerable: make_list(\"lt 49.0.2623.87\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:22:35", "references": ["https://bugzilla.suse.com/963187", "https://bugzilla.suse.com/963184", "https://bugzilla.suse.com/963185", "https://bugzilla.suse.com/963191", "https://bugzilla.suse.com/963188", "https://bugzilla.suse.com/963192", "https://bugzilla.suse.com/963190", "https://bugzilla.suse.com/963186", "https://bugzilla.suse.com/963189"], "affectedPackage": [{"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-ffmpegsumo-debuginfo", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromedriver", "packageFilename": "chromedriver-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium", "packageFilename": "chromium-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromium-ffmpegsumo", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Package Hub for SUSE Linux Enterprise", "OSVersion": "12", "packageVersion": "48.0.2564.82-41.1", "packageName": "chromedriver-debuginfo", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-41.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n - CVE-2016-1616: URL Spoofing (boo#963188)\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\n This update also enables SSE2 support on x86_64, VA-API hardware\n acceleration and fixes a crash when trying to enable the Chromecast\n extension.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-01-26T18:11:38", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-26T18:11:38", "id": "OPENSUSE-SU-2016:0249-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:47", "references": ["https://bugzilla.suse.com/963187", "https://bugzilla.suse.com/963184", "https://bugzilla.suse.com/963185", "https://bugzilla.suse.com/963191", "https://bugzilla.suse.com/963188", "https://bugzilla.suse.com/963192", "https://bugzilla.suse.com/963190", "https://bugzilla.suse.com/963186", "https://bugzilla.suse.com/963189"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-debugsource-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-debuginfo-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-ffmpegsumo-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromedriver-48.0.2564.82-122.1.i586.rpm", "packageName": "chromedriver", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-debugsource-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-desktop-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-debuginfo-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-ffmpegsumo-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromedriver-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-ffmpegsumo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromedriver-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromedriver", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-122.1.i586.rpm", "packageName": "chromedriver-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-desktop-kde-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-desktop-kde", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-ffmpegsumo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "x86_64", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-122.1.x86_64.rpm", "packageName": "chromium-desktop-gnome", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.1", "packageVersion": "48.0.2564.82-122.1", "arch": "i586", "packageFilename": "chromium-desktop-kde-48.0.2564.82-122.1.i586.rpm", "packageName": "chromium-desktop-kde", "operator": "lt"}], "description": "Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n - CVE-2016-1616: URL Spoofing (boo#963188)\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\n This update also enables SSE2 support on x86_64, VA-API hardware\n acceleration and fixes a crash when trying to enable the Chromecast\n extension.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-01-27T22:11:24", "title": "Security update for Chromium (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-27T22:11:24", "id": "OPENSUSE-SU-2016:0271-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "references": ["https://bugzilla.suse.com/963187", "https://bugzilla.suse.com/963184", "https://bugzilla.suse.com/963185", "https://bugzilla.suse.com/963191", "https://bugzilla.suse.com/963188", "https://bugzilla.suse.com/963192", "https://bugzilla.suse.com/963190", "https://bugzilla.suse.com/963186", "https://bugzilla.suse.com/963189"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromedriver", "packageFilename": "chromedriver-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-ffmpegsumo", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-ffmpegsumo", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromedriver-debuginfo", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromedriver", "packageFilename": "chromedriver-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium", "packageFilename": "chromium-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromedriver", "packageFilename": "chromedriver-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-ffmpegsumo-debuginfo", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-ffmpegsumo-debuginfo", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium", "packageFilename": "chromium-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-ffmpegsumo-debuginfo", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromedriver", "packageFilename": "chromedriver-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-desktop-gnome", "packageFilename": "chromium-desktop-gnome-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromedriver-debuginfo", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium", "packageFilename": "chromium-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-desktop-kde", "packageFilename": "chromium-desktop-kde-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-ffmpegsumo", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromedriver-debuginfo", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-debugsource", "packageFilename": "chromium-debugsource-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-ffmpegsumo-debuginfo", "packageFilename": "chromium-ffmpegsumo-debuginfo-48.0.2564.82-13.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "48.0.2564.82-13.1", "packageName": "chromium-ffmpegsumo", "packageFilename": "chromium-ffmpegsumo-48.0.2564.82-13.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium-debuginfo", "packageFilename": "chromium-debuginfo-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromedriver-debuginfo", "packageFilename": "chromedriver-debuginfo-48.0.2564.82-67.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "48.0.2564.82-67.1", "packageName": "chromium", "packageFilename": "chromium-48.0.2564.82-67.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Chromium was updated to 48.0.2564.82 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2016-1612: Bad cast in V8 (boo#963184)\n - CVE-2016-1613: Use-after-free in PDFium (boo#963185)\n - CVE-2016-1614: Information leak in Blink (boo#963186)\n - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)\n - CVE-2016-1616: URL Spoofing (boo#963188)\n - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)\n - CVE-2016-1618: Weak random number generator in Blink (boo#963190)\n - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)\n - CVE-2016-1620 chromium-browser: various fixes (boo#963192)\n\n This update also enables SSE2 support on x86_64, VA-API hardware\n acceleration and fixes a crash when trying to enable the Chromecast\n extension.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-01-26T18:13:18", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-26T18:13:18", "id": "OPENSUSE-SU-2016:0250-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:21:25", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromium-dbg_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromium-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromium-browser_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromium-browser", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromium_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromium", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromium-l10n_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromium-l10n", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromedriver_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromedriver", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "8", "packageVersion": "48.0.2564.82-1~deb8u1", "packageFilename": "chromium-inspector_48.0.2564.82-1~deb8u1_all.deb", "arch": "all", "packageName": "chromium-inspector", "operator": "lt"}], "edition": 1, "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n * [CVE-2015-6792](<https://security-tracker.debian.org/tracker/CVE-2015-6792>)\n\nAn issue was found in the handling of MIDI files.\n\n * [CVE-2016-1612](<https://security-tracker.debian.org/tracker/CVE-2016-1612>)\n\ncloudfuzzer discovered a logic error related to receiver compatibility in the v8 javascript library.\n\n * [CVE-2016-1613](<https://security-tracker.debian.org/tracker/CVE-2016-1613>)\n\nA use-after-free issue was discovered in the pdfium library.\n\n * [CVE-2016-1614](<https://security-tracker.debian.org/tracker/CVE-2016-1614>)\n\nChristoph Diehl discovered an information leak in Webkit/Blink.\n\n * [CVE-2016-1615](<https://security-tracker.debian.org/tracker/CVE-2016-1615>)\n\nRon Masas discovered a way to spoof URLs.\n\n * [CVE-2016-1616](<https://security-tracker.debian.org/tracker/CVE-2016-1616>)\n\nLuan Herrera discovered a way to spoof URLs.\n\n * [CVE-2016-1617](<https://security-tracker.debian.org/tracker/CVE-2016-1617>)\n\njenuis discovered a way to discover whether an HSTS web site had been visited.\n\n * [CVE-2016-1618](<https://security-tracker.debian.org/tracker/CVE-2016-1618>)\n\nAaron Toponce discovered the use of weak random number generator.\n\n * [CVE-2016-1619](<https://security-tracker.debian.org/tracker/CVE-2016-1619>)\n\nKeve Nagy discovered an out-of-bounds-read issue in the pdfium library.\n\n * [CVE-2016-1620](<https://security-tracker.debian.org/tracker/CVE-2016-1620>)\n\nThe chrome 48 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.7.271.17.\n\nFor the stable distribution (jessie), these problems have been fixed in version 48.0.2564.82-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in version 48.0.2564.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.", "reporter": "Debian", "published": "2016-01-27T00:00:00", "type": "debian", "title": "chromium-browser -- security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-1612", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2015-6792", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-1614"], "modified": "2016-01-27T00:00:00", "id": "DSA-3456", "href": "http://www.debian.org/security/dsa-3456", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-14T00:47:37", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n01/20/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 48.0.2564.82\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog](<http://googlechromereleases.blogspot.ru/2016/01/stable-channel-update_20.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-2051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2051>) \n[CVE-2016-1620](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1620>) \n[CVE-2016-1619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1619>) \n[CVE-2016-1618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1618>) \n[CVE-2016-1617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617>) \n[CVE-2016-1616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1616>) \n[CVE-2016-1615](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1615>) \n[CVE-2016-1614](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1614>) \n[CVE-2016-1613](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1613>) \n[CVE-2016-1612](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1612>) \n[CVE-2016-2052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2052>)", "edition": 13, "reporter": "Kaspersky Lab", "published": "2016-01-20T00:00:00", "title": "\r KLA10745Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-1612", "CVE-2016-2051", "CVE-2016-1615", "CVE-2016-1618", "CVE-2016-1613", "CVE-2016-1616", "CVE-2016-1620", "CVE-2016-1617", "CVE-2016-1619", "CVE-2016-2052", "CVE-2016-1614"], "modified": "2018-09-10T00:00:00", "id": "KLA10745", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10745", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-07T05:58:51", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "48.0.2564.82-1.el6", "arch": "i686", "packageName": "chromium-browser-debuginfo", "packageFilename": "chromium-browser-debuginfo-48.0.2564.82-1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "48.0.2564.82-1.el6", "arch": "x86_64", "packageName": "chromium-browser-debuginfo", "packageFilename": "chromium-browser-debuginfo-48.0.2564.82-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "48.0.2564.82-1.el6", "arch": "i686", "packageName": "chromium-browser", "packageFilename": "chromium-browser-48.0.2564.82-1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "48.0.2564.82-1.el6", "arch": "x86_64", "packageName": "chromium-browser", "packageFilename": "chromium-browser-48.0.2564.82-1.el6.x86_64.rpm", "operator": "lt"}], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615,\nCVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620,\nCVE-2016-2051, CVE-2016-2052)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 48.0.2564.82, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes\nto take effect.\n", "reporter": "RedHat", "published": "2016-01-27T05:00:00", "type": "redhat", "title": "(RHSA-2016:0072) Important: chromium-browser security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8947", "CVE-2016-1612", "CVE-2016-1613", "CVE-2016-1614", "CVE-2016-1615", "CVE-2016-1616", "CVE-2016-1617", "CVE-2016-1618", "CVE-2016-1619", "CVE-2016-1620", "CVE-2016-2051", "CVE-2016-2052"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:21", "id": "RHSA-2016:0072", "href": "https://access.redhat.com/errata/RHSA-2016:0072", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:50", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6760", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1627", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6779", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1279", "https://bugs.gentoo.org/show_bug.cgi?id=576354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6758", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1286", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1277", "https://bugs.gentoo.org/show_bug.cgi?id=567308", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6771", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1276", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1293", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6755", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1625", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1281", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6776", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1613", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1622", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6775", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1295", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1635", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6763", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1639", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1274", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1614", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1620", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1278", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6769", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1289", "https://bugs.gentoo.org/show_bug.cgi?id=563098", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1292", "https://bugs.gentoo.org/show_bug.cgi?id=574416", "https://bugs.gentoo.org/show_bug.cgi?id=567870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6757", "https://bugs.gentoo.org/show_bug.cgi?id=575434", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1271", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1294", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6756", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1624", "https://bugs.gentoo.org/show_bug.cgi?id=572542", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6781", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6764", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1287", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6792", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6767", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1641", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1280", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6777", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6789", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1628", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1623", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1296", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1638", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1285", "https://bugs.gentoo.org/show_bug.cgi?id=576858", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1617", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1302", "https://bugs.gentoo.org/show_bug.cgi?id=565510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1272", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1612", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6786", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1631", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1629", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1630", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1615", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6765", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1626", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1621", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1636", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8126", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1284", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6761", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1300", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1275", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6785", "https://bugs.gentoo.org/show_bug.cgi?id=561448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1304", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1633", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1291", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1298", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1303", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1273", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6770", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1288", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1632", "https://bugs.gentoo.org/show_bug.cgi?id=555640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1619", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6773", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6791", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1299", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1618", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6766", "https://bugs.gentoo.org/show_bug.cgi?id=568396", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6762", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1616", "https://bugs.gentoo.org/show_bug.cgi?id=559384", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1640", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6759", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1282"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "49.0.2623.87", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "www-client/chromium", "operator": "lt"}], "edition": 1, "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-49.0.2623.87\"", "reporter": "Gentoo Foundation", "published": "2016-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", "CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "modified": "2016-03-12T00:00:00", "id": "GLSA-201603-09", "href": "https://security.gentoo.org/glsa/201603-09", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
