ID CVE-2016-1656 Type cve Reporter cve@mitre.org Modified 2018-10-30T16:27:00
Description
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
{"freebsd": [{"lastseen": "2019-05-29T18:32:44", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n20 security fixes in this release, including:\n\n[590275] High CVE-2016-1652: Universal XSS in extension\n\t bindings. Credit to anonymous.\n[589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit\n\t to Choongwoo Han.\n[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium\n\t JPEG2000 decoding. Credit to kdot working with HP's Zero Day\n\t Initiative.\n[589512] Medium CVE-2016-1654: Uninitialized memory read in\n\t media. Credit to Atte Kettunen of OUSPG.\n[582008] Medium CVE-2016-1655: Use-after-free related to\n\t extensions. Credit to Rob Wu.\n[570750] Medium CVE-2016-1656: Android downloaded file path\n\t restriction bypass. Credit to Dzmitry Lukyanenko.\n[567445] Medium CVE-2016-1657: Address bar spoofing. Credit to\n\t Luan Herrera.\n[573317] Low CVE-2016-1658: Potential leak of sensitive\n\t information to malicious extensions. Credit to Antonio Sanso\n\t (@asanso) of Adobe.\n[602697] CVE-2016-1659: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "modified": "2016-04-13T00:00:00", "published": "2016-04-13T00:00:00", "id": "6D8505F0-0614-11E6-B39C-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/6d8505f0-0614-11e6-b39c-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:29:44", "bulletinFamily": "unix", "description": "Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n - CVE-2016-1652: Universal XSS in extension bindings\n - CVE-2016-1653: Out-of-bounds write in V8\n - CVE-2016-1654: Uninitialized memory read in media\n - CVE-2016-1655: Use-after-free related to extensions\n - CVE-2016-1656: Android downloaded file path restriction bypass\n - CVE-2016-1657: Address bar spoofing\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-04-24T12:07:36", "published": "2016-04-24T12:07:36", "id": "OPENSUSE-SU-2016:1136-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:52:32", "bulletinFamily": "unix", "description": "Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n - CVE-2016-1652: Universal XSS in extension bindings\n - CVE-2016-1653: Out-of-bounds write in V8\n - CVE-2016-1654: Uninitialized memory read in media\n - CVE-2016-1655: Use-after-free related to extensions\n - CVE-2016-1656: Android downloaded file path restriction bypass\n - CVE-2016-1657: Address bar spoofing\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-04-17T13:08:14", "published": "2016-04-17T13:08:14", "id": "OPENSUSE-SU-2016:1061-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:14:44", "bulletinFamily": "unix", "description": "Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n - CVE-2016-1652: Universal XSS in extension bindings\n - CVE-2016-1653: Out-of-bounds write in V8\n - CVE-2016-1654: Uninitialized memory read in media\n - CVE-2016-1655: Use-after-free related to extensions\n - CVE-2016-1656: Android downloaded file path restriction bypass\n - CVE-2016-1657: Address bar spoofing\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-04-24T02:07:44", "published": "2016-04-24T02:07:44", "id": "OPENSUSE-SU-2016:1135-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:28", "bulletinFamily": "unix", "description": "Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n - CVE-2016-1652: Universal XSS in extension bindings\n - CVE-2016-1653: Out-of-bounds write in V8\n - CVE-2016-1654: Uninitialized memory read in media\n - CVE-2016-1655: Use-after-free related to extensions\n - CVE-2016-1656: Android downloaded file path restriction bypass\n - CVE-2016-1657: Address bar spoofing\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-04-17T13:07:56", "published": "2016-04-17T13:07:56", "id": "SUSE-SU-2016:1060-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:30", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 50.0.2661.75.\n\nSecurity Fix(es):\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1652, CVE-2016-1653, CVE-2016-1651, CVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659)", "modified": "2018-06-07T09:04:23", "published": "2016-04-18T10:48:00", "id": "RHSA-2016:0638", "href": "https://access.redhat.com/errata/RHSA-2016:0638", "type": "redhat", "title": "(RHSA-2016:0638) Important: chromium-browser security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-04-18T00:00:00", "id": "OPENVAS:1361412562310851280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851280", "title": "SuSE Update for Chromium openSUSE-SU-2016:1061-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1061_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1061-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851280\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-18 05:21:55 +0200 (Mon, 18 Apr 2016)\");\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1061-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1061_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~50.0.2661.75~41.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:25", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-04-18T00:00:00", "id": "OPENVAS:1361412562310807548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807548", "title": "Google Chrome Security Updates(stable-channel-update_13-2016-04)-MAC OS X", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_13-2016-04)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807548\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1651\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-18 16:52:03 +0530 (Mon, 18 Apr 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_13-2016-04)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - A universal XSS in the browser's extension bindings.\n\n - An out-of-bounds write in Chrome's V8 JavaScript engine.\n\n - An out-of-bounds memory read issue in Pdfium JPEG2000 decoding.\n\n - An Uninitialized memory read in browser's media component.\n\n - An use-after-free in the extensions component.\n\n - A path restriction bypass in download implementation on Android.\n\n - An Address bar spoofing vulnerability.\n\n - The Extensions subsystem incorrectly relies on GetOrigin method calls for\n origin comparisons.\n\n - Multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code,\n to obtain sensitive information and to cause denial of service or possibly\n have other impact via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 50.0.2661.75 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 50.0.2661.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/04/stable-channel-update_13.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"50.0.2661.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"50.0.2661.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-04-25T00:00:00", "id": "OPENVAS:1361412562310851284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851284", "title": "SuSE Update for Chromium openSUSE-SU-2016:1136-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1136_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1136-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851284\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-25 05:00:59 +0200 (Mon, 25 Apr 2016)\");\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1136-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1136_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~50.0.2661.75~144.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-04-24T00:00:00", "id": "OPENVAS:1361412562310851283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851283", "title": "SuSE Update for Chromium openSUSE-SU-2016:1135-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1135_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1135-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851283\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-24 05:16:28 +0200 (Sun, 24 Apr 2016)\");\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1135-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 50.0.2661.75 to fix the following vulnerabilities:\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information to malicious\n extensions\n\n - CVE-2016-1659: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1135_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~50.0.2661.75~94.3\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:37", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-04-18T00:00:00", "id": "OPENVAS:1361412562310807546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807546", "title": "Google Chrome Security Updates(stable-channel-update_13-2016-04)-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_13-2016-04)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807546\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1651\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-18 16:52:03 +0530 (Mon, 18 Apr 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_13-2016-04)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - A universal XSS in the browser's extension bindings.\n\n - An out-of-bounds write in Chrome's V8 JavaScript engine.\n\n - An out-of-bounds memory read issue in Pdfium JPEG2000 decoding.\n\n - An Uninitialized memory read in browser's media component.\n\n - An use-after-free in the extensions component.\n\n - A path restriction bypass in download implementation on Android.\n\n - An Address bar spoofing vulnerability.\n\n - The Extensions subsystem incorrectly relies on GetOrigin method calls for\n origin comparisons.\n\n - Multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code,\n to obtain sensitive information and to cause denial of service or possibly\n have other impact via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 50.0.2661.75 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 50.0.2661.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/04/stable-channel-update_13.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"50.0.2661.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"50.0.2661.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:32", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-04-18T00:00:00", "id": "OPENVAS:1361412562310807547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807547", "title": "Google Chrome Security Updates(stable-channel-update_13-2016-04)-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_13-2016-04)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807547\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1651\", \"CVE-2016-1654\",\n \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\",\n \"CVE-2016-1659\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-18 16:52:03 +0530 (Mon, 18 Apr 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_13-2016-04)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - A universal XSS in the browser's extension bindings.\n\n - An out-of-bounds write in Chrome's V8 JavaScript engine.\n\n - An out-of-bounds memory read issue in Pdfium JPEG2000 decoding.\n\n - An Uninitialized memory read in browser's media component.\n\n - An use-after-free in the extensions component.\n\n - A path restriction bypass in download implementation on Android.\n\n - An Address bar spoofing vulnerability.\n\n - The Extensions subsystem incorrectly relies on GetOrigin method calls for\n origin comparisons.\n\n - Multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code,\n to obtain sensitive information and to cause denial of service or possibly\n have other impact via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 50.0.2661.75 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 50.0.2661.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/04/stable-channel-update_13.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"50.0.2661.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"50.0.2661.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-12-13T08:16:35", "bulletinFamily": "scanner", "description": "Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2016-505.NASL", "href": "https://www.tenable.com/plugins/nessus/90702", "published": "2016-04-25T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-505)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-505.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90702);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:11 $\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-505)\");\n script_summary(english:\"Check for the openSUSE-2016-505 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975572\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-50.0.2661.75-144.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-50.0.2661.75-144.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:41:01", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 50.0.2661.75. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists in PDFium in the\n sycc420_to_rgb() and sycc422_to_rgb() functions within\n file fxcodec/codec/fx_codec_jpx_opj.cpp that is\n triggered when decoding JPEG2000 images. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service or disclose memory contents.\n (CVE-2016-1651)\n\n - A cross-site scripting vulnerability exists due to\n a failure by extension bindings to validate input before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a crafted request, to\n execute arbitrary script code in the user", "modified": "2019-12-02T00:00:00", "id": "GOOGLE_CHROME_50_0_2661_75.NASL", "href": "https://www.tenable.com/plugins/nessus/90542", "published": "2016-04-15T00:00:00", "title": "Google Chrome < 50.0.2661.75 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90542);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1651\",\n \"CVE-2016-1652\",\n \"CVE-2016-1653\",\n \"CVE-2016-1654\",\n \"CVE-2016-1655\",\n \"CVE-2016-1656\",\n \"CVE-2016-1657\",\n \"CVE-2016-1658\",\n \"CVE-2016-1659\"\n );\n\n script_name(english:\"Google Chrome < 50.0.2661.75 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 50.0.2661.75. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists in PDFium in the\n sycc420_to_rgb() and sycc422_to_rgb() functions within\n file fxcodec/codec/fx_codec_jpx_opj.cpp that is\n triggered when decoding JPEG2000 images. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service or disclose memory contents.\n (CVE-2016-1651)\n\n - A cross-site scripting vulnerability exists due to\n a failure by extension bindings to validate input before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a crafted request, to\n execute arbitrary script code in the user's browser\n session. (CVE-2016-1652)\n\n - An out-of-bounds write error exists in Google V8,\n related to the LoadBuffer operator, that is triggered\n when handling typed arrays. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service or the execution of arbitrary\n code. (CVE-2016-1653)\n\n - An uninitialized memory read error exists in media\n that allows an attacker to have an unspecified impact.\n No other details are available. (CVE-2016-1654)\n\n - A use-after-free error exists in extensions that is\n triggered when handling frame removal by content\n scripts. An unauthenticated, remote attacker can exploit\n this to dereference already freed memory, resulting in\n arbitrary code execution. (CVE-2016-1655)\n\n - A flaw exists, related to content disposition, due to\n the improper sanitization of the names of downloaded\n files. An unauthenticated, remote attacker can exploit\n this to bypass path restrictions. (CVE-2016-1656)\n\n - A flaw exists in the FocusLocationBarByDefault()\n function of the WebContentsImpl class within the file\n content/browser/web_contents/web_contents_impl.cc that\n allows an authenticated, remote attacker to spoof the\n address bar. (CVE-2016-1657)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to access sensitive\n information by using malicious extensions.\n (CVE-2016-1658)\n\n - Multiple vulnerabilities exist in Chrome, the most\n serious of which allow an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2016-1659)\");\n # http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2fb8d51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 50.0.2661.75 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'50.0.2661.75', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:22:05", "bulletinFamily": "scanner", "description": "Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "SUSE_SU-2016-1060-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90585", "published": "2016-04-19T00:00:00", "title": "SUSE SLES12 Security Update : Chromium (SUSE-SU-2016:1060-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1060-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90585);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n\n script_name(english:\"SUSE SLES12 Security Update : Chromium (SUSE-SU-2016:1060-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1651/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1659/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161060-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a0cc2bc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Package Hub for SUSE Linux Enterprise 12 :\n\nzypper in -t patch 4965=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromedriver-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-debuginfo-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-debugsource-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-desktop-gnome-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-desktop-kde-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-50.0.2661.75-68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-50.0.2661.75-68.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:54:06", "bulletinFamily": "scanner", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 50.0.2661.75.\n\nSecurity Fix(es) :\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash,\nexecute arbitrary code, or disclose sensitive information when visited\nby the victim. (CVE-2016-1652, CVE-2016-1653, CVE-2016-1651,\nCVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657,\nCVE-2016-1658, CVE-2016-1659)", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2016-0638.NASL", "href": "https://www.tenable.com/plugins/nessus/90570", "published": "2016-04-19T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:0638)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0638. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90570);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n script_xref(name:\"RHSA\", value:\"2016:0638\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:0638)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 50.0.2661.75.\n\nSecurity Fix(es) :\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash,\nexecute arbitrary code, or disclose sensitive information when visited\nby the victim. (CVE-2016-1652, CVE-2016-1653, CVE-2016-1651,\nCVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657,\nCVE-2016-1658, CVE-2016-1659)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1659\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0638\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-50.0.2661.75-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-50.0.2661.75-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-50.0.2661.75-1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-50.0.2661.75-1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:16:12", "bulletinFamily": "scanner", "description": "Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2016-1061.NASL", "href": "https://www.tenable.com/plugins/nessus/90569", "published": "2016-04-19T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-1061)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1061.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90569);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:27:27 $\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-1061)\");\n script_summary(english:\"Check for the openSUSE-2016-1061 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975572\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-debuginfo-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-50.0.2661.75-41.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-debuginfo-50.0.2661.75-41.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:57:15", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 50.0.2661.75. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists in PDFium in the\n sycc420_to_rgb() and sycc422_to_rgb() functions within\n file fxcodec/codec/fx_codec_jpx_opj.cpp that is\n triggered when decoding JPEG2000 images. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service or disclose memory contents.\n (CVE-2016-1651)\n\n - A cross-site scripting vulnerability exists due to\n a failure by extension bindings to validate input before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a crafted request, to\n execute arbitrary script code in the user", "modified": "2019-12-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_50_0_2661_75.NASL", "href": "https://www.tenable.com/plugins/nessus/90543", "published": "2016-04-15T00:00:00", "title": "Google Chrome < 50.0.2661.75 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90543);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1651\",\n \"CVE-2016-1652\",\n \"CVE-2016-1653\",\n \"CVE-2016-1654\",\n \"CVE-2016-1655\",\n \"CVE-2016-1656\",\n \"CVE-2016-1657\",\n \"CVE-2016-1658\",\n \"CVE-2016-1659\"\n );\n\n script_name(english:\"Google Chrome < 50.0.2661.75 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 50.0.2661.75. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists in PDFium in the\n sycc420_to_rgb() and sycc422_to_rgb() functions within\n file fxcodec/codec/fx_codec_jpx_opj.cpp that is\n triggered when decoding JPEG2000 images. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service or disclose memory contents.\n (CVE-2016-1651)\n\n - A cross-site scripting vulnerability exists due to\n a failure by extension bindings to validate input before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a crafted request, to\n execute arbitrary script code in the user's browser\n session. (CVE-2016-1652)\n\n - An out-of-bounds write error exists in Google V8,\n related to the LoadBuffer operator, that is triggered\n when handling typed arrays. An unauthenticated, remote\n attacker can exploit this to corrupt memory, resulting\n in a denial of service or the execution of arbitrary\n code. (CVE-2016-1653)\n\n - An uninitialized memory read error exists in media\n that allows an attacker to have an unspecified impact.\n No other details are available. (CVE-2016-1654)\n\n - A use-after-free error exists in extensions that is\n triggered when handling frame removal by content\n scripts. An unauthenticated, remote attacker can exploit\n this to dereference already freed memory, resulting in\n arbitrary code execution. (CVE-2016-1655)\n\n - A flaw exists, related to content disposition, due to\n the improper sanitization of the names of downloaded\n files. An unauthenticated, remote attacker can exploit\n this to bypass path restrictions. (CVE-2016-1656)\n\n - A flaw exists in the FocusLocationBarByDefault()\n function of the WebContentsImpl class within the file\n content/browser/web_contents/web_contents_impl.cc that\n allows an authenticated, remote attacker to spoof the\n address bar. (CVE-2016-1657)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to access sensitive\n information by using malicious extensions.\n (CVE-2016-1658)\n\n - Multiple vulnerabilities exist in Chrome, the most\n serious of which allow an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2016-1659)\");\n # http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2fb8d51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 50.0.2661.75 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1659\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'50.0.2661.75', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:16:35", "bulletinFamily": "scanner", "description": "Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2016-504.NASL", "href": "https://www.tenable.com/plugins/nessus/90701", "published": "2016-04-25T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-504)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-504.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90701);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:11 $\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-504)\");\n script_summary(english:\"Check for the openSUSE-2016-504 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 50.0.2661.75 to fix the following\nvulnerabilities :\n\n - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\n decoding\n\n - CVE-2016-1652: Universal XSS in extension bindings\n\n - CVE-2016-1653: Out-of-bounds write in V8\n\n - CVE-2016-1654: Uninitialized memory read in media\n\n - CVE-2016-1655: Use-after-free related to extensions\n\n - CVE-2016-1656: Android downloaded file path restriction\n bypass\n\n - CVE-2016-1657: Address bar spoofing\n\n - CVE-2016-1658: Potential leak of sensitive information\n to malicious extensions\n\n - CVE-2016-1659: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975572\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-50.0.2661.75-94.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-50.0.2661.75-94.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:30:06", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n20 security fixes in this release, including :\n\n- [590275] High CVE-2016-1652: Universal XSS in extension bindings.\nCredit to anonymous.\n\n- [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to\nChoongwoo Han.\n\n- [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\ndecoding. Credit to kdot working with HP", "modified": "2019-12-02T00:00:00", "id": "FREEBSD_PKG_6D8505F0061411E6B39C00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/90592", "published": "2016-04-20T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (6d8505f0-0614-11e6-b39c-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90592);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:45\");\n\n script_cve_id(\"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (6d8505f0-0614-11e6-b39c-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n20 security fixes in this release, including :\n\n- [590275] High CVE-2016-1652: Universal XSS in extension bindings.\nCredit to anonymous.\n\n- [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to\nChoongwoo Han.\n\n- [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000\ndecoding. Credit to kdot working with HP's Zero Day Initiative.\n\n- [589512] Medium CVE-2016-1654: Uninitialized memory read in media.\nCredit to Atte Kettunen of OUSPG.\n\n- [582008] Medium CVE-2016-1655: Use-after-free related to extensions.\nCredit to Rob Wu.\n\n- [570750] Medium CVE-2016-1656: Android downloaded file path\nrestriction bypass. Credit to Dzmitry Lukyanenko.\n\n- [567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan\nHerrera.\n\n- [573317] Low CVE-2016-1658: Potential leak of sensitive information\nto malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.\n\n- [602697] CVE-2016-1659: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e0db6fd\"\n );\n # https://vuxml.freebsd.org/freebsd/6d8505f0-0614-11e6-b39c-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c129d85\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<50.0.2661.75\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<50.0.2661.75\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<50.0.2661.75\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:33:54", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201605-02\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-12-02T00:00:00", "id": "GENTOO_GLSA-201605-02.NASL", "href": "https://www.tenable.com/plugins/nessus/91176", "published": "2016-05-17T00:00:00", "title": "GLSA-201605-02 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201605-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91176);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:25:16 $\");\n\n script_cve_id(\"CVE-2016-1646\", \"CVE-2016-1647\", \"CVE-2016-1648\", \"CVE-2016-1649\", \"CVE-2016-1650\", \"CVE-2016-1651\", \"CVE-2016-1652\", \"CVE-2016-1653\", \"CVE-2016-1654\", \"CVE-2016-1655\", \"CVE-2016-1656\", \"CVE-2016-1657\", \"CVE-2016-1658\", \"CVE-2016-1659\", \"CVE-2016-1660\", \"CVE-2016-1661\", \"CVE-2016-1662\", \"CVE-2016-1663\", \"CVE-2016-1664\", \"CVE-2016-1665\", \"CVE-2016-1666\", \"CVE-2016-1667\", \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\", \"CVE-2016-1671\");\n script_xref(name:\"GLSA\", value:\"201605-02\");\n\n script_name(english:\"GLSA-201605-02 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201605-02\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201605-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-client/chromium-50.0.2661.102'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 50.0.2661.102\"), vulnerable:make_list(\"lt 50.0.2661.102\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:29", "bulletinFamily": "info", "description": "Google on Wednesday pushed its third Chrome update since the beginning of March, patching a pair of high-severity vulnerabilities in the browser.\n\nYesterday\u2019s update brings Chrome to version 50.0.2662.75 and [patched 20 vulnerabilities](<http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html>), according to the Google Chrome Releases blog.\n\nEight of the bugs qualified for a reward under Google\u2019s bug bounty program, the remaining dozen bugs were found internally.\n\nTwo of the flaws were rated \u201cHigh\u201d severity by Google: one was a cross-site scripting flaw credited to an unnamed researcher, and the other an out-of-bounds write flaw in V8 found by Choongwoo Han, a South Korean researcher and student at the Korea Advanced Institute of Science and Technology. The two bugs earned rewards of $7,500 and $5,000 respectively.\n\nFollowing is a complete list of vulnerabilities that earned rewards:\n\n$7500][[590275](<https://crbug.com/590275>)] High CVE-2016-1652: Universal XSS in extension bindings. _Credit to anonymous._\n\n[$5000][[589792](<https://crbug.com/589792>)] High CVE-2016-1653: Out-of-bounds write in V8. _Credit to Choongwoo Han._\n\n[[591785](<https://crbug.com/591785>)] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. _Credit to kdot working with HP\u2019s Zero Day Initiative._\n\n[$1500][[589512](<https://crbug.com/589512>)] Medium CVE-2016-1654: Uninitialized memory read in media. _Credit to Atte Kettunen of OUSPG._\n\n[$1500][[582008](<https://crbug.com/582008>)] Medium CVE-2016-1655: Use-after-free related to extensions. _Credit to Rob Wu._\n\n[$500][[570750](<https://crbug.com/570750>)] Medium CVE-2016-1656: Android downloaded file path restriction bypass. _Credit to __[Dzmitry Lukyanenko](<https://www.linkedin.com/in/dzima>)_.\n\n[$1000][[567445](<https://crbug.com/567445>)] Medium CVE-2016-1657: Address bar spoofing. _Credit to Luan Herrera._\n\n[$500][[573317](<https://crbug.com/573317>)] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. _Credit to Antonio Sanso (@asanso) of Adobe._\n\nOn March 25, [Google pushed out an update](<https://threatpost.com/google-fixes-four-critical-vulnerabilities-in-latest-chrome-build/116990/>) that addressed a number of flaws in Chrome disclosed during the [Pwn2Own](<https://threatpost.com/safari-flash-fall-at-pwn2own-2016-day-one/116837/>) [contest](<https://threatpost.com/pwn2own-day-two-safari-microsoft-edge-go-down-winner-crowned/116877/>) earlier in the month.\n", "modified": "2016-04-21T13:04:08", "published": "2016-04-14T08:00:02", "id": "THREATPOST:B7D3066EB579F6D060D4CEA75080D7AE", "href": "https://threatpost.com/latest-chrome-update-addresses-two-high-severity-vulnerabilities/117400/", "type": "threatpost", "title": "Google Chrome Security Update 50.0.2662.75", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:23", "bulletinFamily": "info", "description": "### *Detect date*:\n04/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, inject arbitrary code, cause denial of service or obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 50.0.2661.75\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Chrome](<https://www.google.com/chrome/browser/desktop/index.html>)\n\n### *Original advisories*:\n[Google chrome releases blog entry](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/sWdN1-CS2Vc/stable-channel-update_13.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-1659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1659>)10.0Critical \n[CVE-2016-1658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1658>)4.3Critical \n[CVE-2016-1657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1657>)4.3Critical \n[CVE-2016-1656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1656>)5.0Critical \n[CVE-2016-1655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1655>)6.8Critical \n[CVE-2016-1654](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1654>)4.3Critical \n[CVE-2016-1653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1653>)9.3Critical \n[CVE-2016-1652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1652>)4.3Critical \n[CVE-2016-1651](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1651>)5.8Critical", "modified": "2019-03-07T00:00:00", "published": "2016-04-13T00:00:00", "id": "KLA10783", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10783", "title": "\r KLA10783Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-50.0.2661.102\"", "modified": "2016-05-14T00:00:00", "published": "2016-05-14T00:00:00", "id": "GLSA-201605-02", "href": "https://security.gentoo.org/glsa/201605-02", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
