ID CVE-2016-5130 Type cve Reporter cve@mitre.org Modified 2017-09-01T01:29:00
Description
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
{"nessus": [{"lastseen": "2019-02-21T01:27:37", "bulletinFamily": "scanner", "description": "Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code.\n(CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property.\nA remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy authentication. A man-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt.\n(CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS website has been visited by reading a CSP report. (CVE-2016-5137).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3041-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92784", "published": "2016-08-08T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3041-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3041-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92784);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5137\");\n script_xref(name:\"USN\", value:\"3041-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3041-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service (application crash) or execute arbitrary code.\n(CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the\norigin of IPC messages to the plugin broker process. A remote attacker\ncould potentially exploit this to bypass sandbox protection\nmechanisms. (CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a\ndeferred frame. A remote attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during\na detach operation on a DocumentLoader object. A remote attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API\ninterceptors from modifying a store target without setting a property.\nA remote attacker could potentially exploit this to bypass same origin\nrestrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could\npotentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly\nimplement the Secure Contexts specification during decisions about\nwhether to control a subframe. A remote attacker could potentially\nexploit this to bypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during\nproxy authentication. A man-in-the-middle attacker could potentially\nexploit this to spoof a proxy authentication login prompt.\n(CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium\ndoes not ensure that URL information is restricted to a scheme, host\nand port. A remote attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy\ninformation inside an HTML document during a preload request. A remote\nattacker could potentially exploit this to bypass Content Security\nPolicy (CSP) protections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP)\nimplementation in Blink does not apply http :80 policies to https :443\nURLs. A remote attacker could potentially exploit this to determine\nwhether a specific HSTS website has been visited by reading a CSP\nreport. (CVE-2016-5137).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3041-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.16.5-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.16.5-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:32", "bulletinFamily": "scanner", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2016-900.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92550", "published": "2016-07-26T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-900)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-900.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92550);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:13 $\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-900)\");\n script_summary(english:\"Check for the openSUSE-2016-900 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-52.0.2743.82-61.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromium / chromium-desktop-gnome / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:33", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a remote attacker to cause a denial of service condition or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in PPAPI due to a failure to validate the origin of IPC messages to the plugin broker process. An unauthenticated, remote attacker can exploit this to bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a failure to consider object lifetimes during progress observation. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get() function in data/byte_array.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to prevent window creation by a deferred frame. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the previousLinePosition() function. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8 due to a failure to prevent API interceptors from modifying a store target without setting a property. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of left-trimmed objects. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two forward navigations that compete in different frames. A remote attacker can exploit this to conduct a URL spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the xmlXPtrRangeToFunction() function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service Workers subsystem due to a failure to properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information during proxy authentication that allows a man-in-the-middle attacker to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC) feature due to a failure to ensure that URL information is restricted to a scheme, host, and port. A remote attacker can exploit this to disclose credentials by operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due to a failure to consider referrer-policy information inside an HTML document during a preload request. A remote attacker can exploit this to bypass the Content Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows a remote attacker to dereference already freed memory, resulting in the execution of arbitrary code with elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to determine whether a specific HTTP Strict Transport Security (HSTS) web site has been visited by reading a CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-12T00:00:00", "id": "GOOGLE_CHROME_52_0_2743_82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92628", "published": "2016-07-29T00:00:00", "title": "Google Chrome < 52.0.2743.82 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92628);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2016-1705\",\n \"CVE-2016-1706\",\n \"CVE-2016-1708\",\n \"CVE-2016-1709\",\n \"CVE-2016-1710\",\n \"CVE-2016-1711\",\n \"CVE-2016-5127\",\n \"CVE-2016-5128\",\n \"CVE-2016-5129\",\n \"CVE-2016-5130\",\n \"CVE-2016-5131\",\n \"CVE-2016-5132\",\n \"CVE-2016-5133\",\n \"CVE-2016-5134\",\n \"CVE-2016-5135\",\n \"CVE-2016-5136\",\n \"CVE-2016-5137\"\n );\n script_bugtraq_id(92053);\n\n script_name(english:\"Google Chrome < 52.0.2743.82 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 52.0.2743.82. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a\n remote attacker to cause a denial of service condition\n or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in\n PPAPI due to a failure to validate the origin of IPC\n messages to the plugin broker process. An\n unauthenticated, remote attacker can exploit this to\n bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a\n failure to consider object lifetimes during progress\n observation. An unauthenticated, remote attacker can\n exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get()\n function in data/byte_array.cc due to improper \n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to prevent window creation by a deferred\n frame. A remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to disable frame navigation during a detach\n operation on a DocumentLoader object. A remote attacker\n can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the\n previousLinePosition() function. An unauthenticated,\n remote attacker can exploit this, via crafted JavaScript\n code involving an @import at-rule in a Cascading Style\n Sheets (CSS) token sequence in conjunction with a\n rel=import attribute of a LINK element, to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8\n due to a failure to prevent API interceptors from\n modifying a store target without setting a property. A\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of\n left-trimmed objects. An unauthenticated, remote\n attacker can exploit this, via crafted JavaScript code,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two\n forward navigations that compete in different frames. A\n remote attacker can exploit this to conduct a URL\n spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the\n xmlXPtrRangeToFunction() function. An unauthenticated,\n remote attacker can exploit this to dereference already\n freed memory, resulting in the execution of arbitrary\n code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service\n Workers subsystem due to a failure to properly implement\n the Secure Contexts specification during decisions about\n whether to control a subframe. A remote attacker can\n exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information\n during proxy authentication that allows a\n man-in-the-middle attacker to spoof a\n proxy-authentication login prompt or trigger incorrect\n credential storage by modifying the client-server data\n stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC)\n feature due to a failure to ensure that URL information\n is restricted to a scheme, host, and port. A remote\n attacker can exploit this to disclose credentials by\n operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due\n to a failure to consider referrer-policy information\n inside an HTML document during a preload request. A\n remote attacker can exploit this to bypass the Content\n Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows\n a remote attacker to dereference already freed memory,\n resulting in the execution of arbitrary code with\n elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink\n when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to\n determine whether a specific HTTP Strict Transport\n Security (HSTS) web site has been visited by reading a\n CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c7c32d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'52.0.2743.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:31", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n48 security fixes in this release, including :\n\n- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab\n\n- [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan\n\n- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team\n\n- [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski\n\n- [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski\n\n- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer\n\n- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous\n\n- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin\n\n- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar\n\n- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer\n\n- [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly\n\n- [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor\n\n- [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone\n\n- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\nCredit to kingxwy\n\n- [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu\n\n- [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP.\nCredit to Xiaoyin Liu\n\n- [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_6FAE9FE1504811E68AA73065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92537", "published": "2016-07-25T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92537);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:45\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n48 security fixes in this release, including :\n\n- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to\nPinkie Pie xisigr of Tencent's Xuanwu Lab\n\n- [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to\nAdam Varsan\n\n- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit\nto ChenQin of Topsec Security Team\n\n- [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to\nMariusz Mlynski\n\n- [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to\nMariusz Mlynski\n\n- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to\ncloudfuzzer\n\n- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to\nAnonymous\n\n- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to\nJeonghoon Shin\n\n- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar\n\n- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to\nNick Wellnhofer\n\n- [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service\nWorkers. Credit to Ben Kelly\n\n- [613626] Medium CVE-2016-5133: Origin confusion in proxy\nauthentication. Credit to Patch Eudor\n\n- [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to\nPaul Stone\n\n- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\nCredit to kingxwy\n\n- [625393] Medium CVE-2016-5136: Use after free in extensions. Credit\nto Rob Wu\n\n- [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP.\nCredit to Xiaoyin Liu\n\n- [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f4bd83a\"\n );\n # https://vuxml.freebsd.org/freebsd/6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e67e600e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<52.0.2743.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<52.0.2743.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<52.0.2743.82\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:32", "bulletinFamily": "scanner", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2016-1485.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92552", "published": "2016-07-26T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:1485)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1485. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92552);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:55\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_xref(name:\"RHSA\", value:\"2016:1485\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:1485)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-1706, CVE-2016-1708,\nCVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127,\nCVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131,\nCVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135,\nCVE-2016-5136, CVE-2016-5137, CVE-2016-1705)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5137\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1485\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-52.0.2743.82-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-52.0.2743.82-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-52.0.2743.82-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-52.0.2743.82-1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:34", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-1706 Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\n - CVE-2016-1707 xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708 Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709 ChenQin discovered a buffer overflow issue in the sfntly library.\n\n - CVE-2016-1710 Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711 Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127 cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128 A same-origin bypass issue was discovered in the v8 JavaScript library.\n\n - CVE-2016-5129 Jeonghoon Shin discovered a memory corruption issue in the v8 JavaScript library.\n\n - CVE-2016-5130 Widih Matar discovered a URL spoofing issue.\n\n - CVE-2016-5131 Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\n - CVE-2016-5132 Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133 Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134 Paul Stone discovered an information leak in the Proxy Auto-Config feature.\n\n - CVE-2016-5135 ShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\n - CVE-2016-5136 Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137 Xiaoyin Liu discovered a way to discover whether an HSTS website had been visited.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3637.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92666", "published": "2016-08-02T00:00:00", "title": "Debian DSA-3637-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3637. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92666);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_xref(name:\"DSA\", value:\"3637\");\n\n script_name(english:\"Debian DSA-3637-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1704\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1705\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1706\n Pinkie Pie discovered a way to escape the Pepper Plugin\n API sandbox.\n\n - CVE-2016-1707\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708\n Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709\n ChenQin discovered a buffer overflow issue in the sfntly\n library.\n\n - CVE-2016-1710\n Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711\n Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128\n A same-origin bypass issue was discovered in the v8\n JavaScript library.\n\n - CVE-2016-5129\n Jeonghoon Shin discovered a memory corruption issue in\n the v8 JavaScript library.\n\n - CVE-2016-5130\n Widih Matar discovered a URL spoofing issue.\n\n - CVE-2016-5131\n Nick Wellnhofer discovered a use-after-free issue in the\n libxml2 library.\n\n - CVE-2016-5132\n Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133\n Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134\n Paul Stone discovered an information leak in the Proxy\n Auto-Config feature.\n\n - CVE-2016-5135\n ShenYeYinJiu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-5136\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137\n Xiaoyin Liu discovered a way to discover whether an HSTS\n website had been visited.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3637\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 52.0.2743.82-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:34", "bulletinFamily": "scanner", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2016-919.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92655", "published": "2016-08-01T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-919)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-919.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92655);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:13 $\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-919)\");\n script_summary(english:\"Check for the openSUSE-2016-919 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-52.0.2743.82-150.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:32", "bulletinFamily": "scanner", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "modified": "2016-10-13T00:00:00", "id": "OPENSUSE-2016-901.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92551", "published": "2016-07-26T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-901)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-901.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92551);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:13 $\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-901)\");\n script_summary(english:\"Check for the openSUSE-2016-901 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-debuginfo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-debugsource-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-52.0.2743.82-111.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromium / chromium-desktop-gnome / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:27:33", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a remote attacker to cause a denial of service condition or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in PPAPI due to a failure to validate the origin of IPC messages to the plugin broker process. An unauthenticated, remote attacker can exploit this to bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a failure to consider object lifetimes during progress observation. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get() function in data/byte_array.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to prevent window creation by a deferred frame. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the previousLinePosition() function. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8 due to a failure to prevent API interceptors from modifying a store target without setting a property. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of left-trimmed objects. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two forward navigations that compete in different frames. A remote attacker can exploit this to conduct a URL spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the xmlXPtrRangeToFunction() function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service Workers subsystem due to a failure to properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information during proxy authentication that allows a man-in-the-middle attacker to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC) feature due to a failure to ensure that URL information is restricted to a scheme, host, and port. A remote attacker can exploit this to disclose credentials by operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due to a failure to consider referrer-policy information inside an HTML document during a preload request. A remote attacker can exploit this to bypass the Content Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows a remote attacker to dereference already freed memory, resulting in the execution of arbitrary code with elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to determine whether a specific HTTP Strict Transport Security (HSTS) web site has been visited by reading a CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_GOOGLE_CHROME_52_0_2743_82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92629", "published": "2016-07-29T00:00:00", "title": "Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92629);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2016-1705\",\n \"CVE-2016-1706\",\n \"CVE-2016-1708\",\n \"CVE-2016-1709\",\n \"CVE-2016-1710\",\n \"CVE-2016-1711\",\n \"CVE-2016-5127\",\n \"CVE-2016-5128\",\n \"CVE-2016-5129\",\n \"CVE-2016-5130\",\n \"CVE-2016-5131\",\n \"CVE-2016-5132\",\n \"CVE-2016-5133\",\n \"CVE-2016-5134\",\n \"CVE-2016-5135\",\n \"CVE-2016-5136\",\n \"CVE-2016-5137\"\n );\n script_bugtraq_id(92053);\n\n script_name(english:\"Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 52.0.2743.82. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a\n remote attacker to cause a denial of service condition\n or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in\n PPAPI due to a failure to validate the origin of IPC\n messages to the plugin broker process. An\n unauthenticated, remote attacker can exploit this to\n bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a\n failure to consider object lifetimes during progress\n observation. An unauthenticated, remote attacker can\n exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get()\n function in data/byte_array.cc due to improper \n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to prevent window creation by a deferred\n frame. A remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to disable frame navigation during a detach\n operation on a DocumentLoader object. A remote attacker\n can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the\n previousLinePosition() function. An unauthenticated,\n remote attacker can exploit this, via crafted JavaScript\n code involving an @import at-rule in a Cascading Style\n Sheets (CSS) token sequence in conjunction with a\n rel=import attribute of a LINK element, to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8\n due to a failure to prevent API interceptors from\n modifying a store target without setting a property. A\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of\n left-trimmed objects. An unauthenticated, remote\n attacker can exploit this, via crafted JavaScript code,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two\n forward navigations that compete in different frames. A\n remote attacker can exploit this to conduct a URL\n spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the\n xmlXPtrRangeToFunction() function. An unauthenticated,\n remote attacker can exploit this to dereference already\n freed memory, resulting in the execution of arbitrary\n code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service\n Workers subsystem due to a failure to properly implement\n the Secure Contexts specification during decisions about\n whether to control a subframe. A remote attacker can\n exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information\n during proxy authentication that allows a\n man-in-the-middle attacker to spoof a\n proxy-authentication login prompt or trigger incorrect\n credential storage by modifying the client-server data\n stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC)\n feature due to a failure to ensure that URL information\n is restricted to a scheme, host, and port. A remote\n attacker can exploit this to disclose credentials by\n operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due\n to a failure to consider referrer-policy information\n inside an HTML document during a preload request. A\n remote attacker can exploit this to bypass the Content\n Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows\n a remote attacker to dereference already freed memory,\n resulting in the execution of arbitrary code with\n elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink\n when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to\n determine whether a specific HTTP Strict Transport\n Security (HSTS) web site has been visited by reading a\n CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c7c32d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'52.0.2743.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:28:17", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201610-09 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2016-11-14T00:00:00", "id": "GENTOO_GLSA-201610-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94420", "published": "2016-10-31T00:00:00", "title": "GLSA-201610-09 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201610-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94420);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/11/14 14:40:46 $\");\n\n script_cve_id(\"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\", \"CVE-2016-5138\", \"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\", \"CVE-2016-5146\", \"CVE-2016-5147\", \"CVE-2016-5148\", \"CVE-2016-5149\", \"CVE-2016-5150\", \"CVE-2016-5151\", \"CVE-2016-5152\", \"CVE-2016-5153\", \"CVE-2016-5154\", \"CVE-2016-5155\", \"CVE-2016-5156\", \"CVE-2016-5157\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-5160\", \"CVE-2016-5161\", \"CVE-2016-5162\", \"CVE-2016-5163\", \"CVE-2016-5164\", \"CVE-2016-5165\", \"CVE-2016-5166\", \"CVE-2016-5167\", \"CVE-2016-5170\", \"CVE-2016-5171\", \"CVE-2016-5172\", \"CVE-2016-5173\", \"CVE-2016-5174\", \"CVE-2016-5175\", \"CVE-2016-5177\", \"CVE-2016-5178\", \"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\", \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\", \"CVE-2016-5193\", \"CVE-2016-5194\");\n script_xref(name:\"GLSA\", value:\"201610-09\");\n\n script_name(english:\"GLSA-201610-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201610-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201610-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-54.0.2840.59'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 54.0.2840.59\"), vulnerable:make_list(\"lt 54.0.2840.59\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:37", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n48 security fixes in this release, including:\n\n[610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to\n\t Pinkie Pie xisigr of Tencent's Xuanwu Lab\n[613949] High CVE-2016-1708: Use-after-free in Extensions.\n\t Credit to Adam Varsan\n[614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.\n\t Credit to ChenQin of Topsec Security Team\n[616907] High CVE-2016-1710: Same-origin bypass in Blink.\n\t Credit to Mariusz Mlynski\n[617495] High CVE-2016-1711: Same-origin bypass in Blink.\n\t Credit to Mariusz Mlynski\n[618237] High CVE-2016-5127: Use-after-free in Blink. Credit\n\t to cloudfuzzer\n[619166] High CVE-2016-5128: Same-origin bypass in V8. Credit\n\t to Anonymous\n[620553] High CVE-2016-5129: Memory corruption in V8. Credit to\n\t Jeonghoon Shin\n[623319] High CVE-2016-5130: URL spoofing. Credit to Wadih\n\t Matar\n[623378] High CVE-2016-5131: Use-after-free in libxml. Credit\n\t to Nick Wellnhofer\n[607543] Medium CVE-2016-5132: Limited same-origin bypass in\n\t Service Workers. Credit to Ben Kelly\n[613626] Medium CVE-2016-5133: Origin confusion in proxy\n\t authentication. Credit to Patch Eudor\n[593759] Medium CVE-2016-5134: URL leakage via PAC script.\n\t Credit to Paul Stone\n[605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\n\t Credit to kingxwy\n[625393] Medium CVE-2016-5136: Use after free in extensions.\n\t Credit to Rob Wu\n[625945] Medium CVE-2016-5137: History sniffing with HSTS and\n\t CSP. Credit to Xiaoyin Liu\n[629852] CVE-2016-1705: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "modified": "2016-07-20T00:00:00", "published": "2016-07-20T00:00:00", "id": "6FAE9FE1-5048-11E6-8AA7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)", "modified": "2018-06-07T09:04:10", "published": "2016-07-26T09:05:36", "id": "RHSA-2016:1485", "href": "https://access.redhat.com/errata/RHSA-2016:1485", "type": "redhat", "title": "(RHSA-2016:1485) Important: chromium-browser security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "modified": "2019-03-18T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310703637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703637", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703637\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3637.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-08-06T00:00:00", "id": "OPENVAS:1361412562310842848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842848", "title": "Ubuntu Update for oxide-qt USN-3041-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-3041-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842848\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-06 05:37:10 +0200 (Sat, 06 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n\t\t\"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \t\t\"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \t\t\"CVE-2016-5135\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-3041-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\n in Chromium. If a user were tricked in to opening a specially crafted website,\n an attacker could potentially exploit these to read uninitialized memory,\n cause a denial of service (application crash) or execute arbitrary code.\n (CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the\norigin of IPC messages to the plugin broker process. A remote attacker\ncould potentially exploit this to bypass sandbox protection mechanisms.\n(CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a\ndeferred frame. A remote attacker could potentially exploit this to bypass\nsame origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a\ndetach operation on a DocumentLoader object. A remote attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors\nfrom modifying a store target without setting a property. A remote\nattacker could potentially exploit this to bypass same origin\nrestrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could\npotentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement\nthe Secure Contexts specification during decisions about whether to\ncontrol a subframe. A remote attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy\nauthentication. A man-in-the-middle attacker could potentially exploit this\nto spoof a proxy authentication login prompt. (CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium\ndoes ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3041-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3041-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.16.5-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.16.5-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.16.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.16.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:13", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "modified": "2017-07-07T00:00:00", "published": "2016-08-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703637", "id": "OPENVAS:703637", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703637);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3637.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310851370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851370", "title": "SuSE Update for Chromium openSUSE-SU-2016:1869-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1869_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1869-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851370\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:38 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1869-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1869_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:15", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-07-22T00:00:00", "id": "OPENVAS:1361412562310808265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808265", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808265\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310851369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851369", "title": "SuSE Update for Chromium openSUSE-SU-2016:1865-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1865_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1865-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851369\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:28 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1865-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1865_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:42", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-07-22T00:00:00", "id": "OPENVAS:1361412562310808263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808263", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808263\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310851374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851374", "title": "SuSE Update for Chromium openSUSE-SU-2016:1918-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1918_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1918-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851374\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:28 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1918-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1918_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:22", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-07-22T00:00:00", "id": "OPENVAS:1361412562310808264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808264", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808264\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-07-25T15:08:48", "published": "2016-07-25T15:08:48", "id": "OPENSUSE-SU-2016:1865-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:25:25", "bulletinFamily": "unix", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-07-25T15:10:08", "published": "2016-07-25T15:10:08", "id": "OPENSUSE-SU-2016:1868-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:11:40", "bulletinFamily": "unix", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-07-25T15:10:21", "published": "2016-07-25T15:10:21", "id": "OPENSUSE-SU-2016:1869-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:29:34", "bulletinFamily": "unix", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-07-31T21:08:18", "published": "2016-07-31T21:08:18", "id": "OPENSUSE-SU-2016:1918-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3637-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 31, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707\n CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711\n CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130\n CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134\n CVE-2016-5135 CVE-2016-5136 CVE-2016-5137\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-1704\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1705\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1706\n\n Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\n\n Adam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\n\n ChenQin a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\n\n Mariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\n\n Mariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\n\n cloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\n\n A same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\n\n Jeonghoon Shin discovered a memory corruption issue in the v8 javascript\n library.\n\nCVE-2016-5130\n\n Widih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\n\n Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\n\n Ben Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\n\n Patch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\n\n Paul Stone discovered an information leak in the Proxy Auto-Config\n feature.\n\nCVE-2016-5135\n\n ShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\n\n Rob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\n\n Xiaoyin Liu discovered a way to discover whether an HSTS web side had been\n visited.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-07-31T21:48:40", "published": "2016-07-31T21:48:40", "id": "DEBIAN:DSA-3637-1:68841", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00215.html", "title": "[SECURITY] [DSA 3637-1] chromium-browser security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:48", "bulletinFamily": "unix", "description": "Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy authentication. A man-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt. (CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-5137)", "modified": "2016-08-05T00:00:00", "published": "2016-08-05T00:00:00", "id": "USN-3041-1", "href": "https://usn.ubuntu.com/3041-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:59", "bulletinFamily": "info", "description": "### *Detect date*:\n07/20/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 52.0.2743.82 (All branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/index.html>)\n\n### *Original advisories*:\n[Google Chrome realases blog](<http://googlechromereleases.blogspot.ru/2016/07/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5137](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137>)4.3Critical \n[CVE-2016-5136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136>)6.8Critical \n[CVE-2016-5135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135>)4.3Critical \n[CVE-2016-5134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134>)4.3Critical \n[CVE-2016-5133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133>)4.3Critical \n[CVE-2016-5132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132>)6.8Critical \n[CVE-2016-5131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131>)6.8Critical \n[CVE-2016-5130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130>)4.3Critical \n[CVE-2016-5129](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129>)6.8Critical \n[CVE-2016-5128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128>)6.8Critical \n[CVE-2016-5127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127>)6.8Critical \n[CVE-2016-1711](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711>)6.8Critical \n[CVE-2016-1710](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710>)6.8Critical \n[CVE-2016-1709](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709>)6.8Critical \n[CVE-2016-1708](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708>)6.8Critical \n[CVE-2016-1707](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707>)4.3Critical \n[CVE-2016-1706](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706>)9.3Critical \n[CVE-2016-1705](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705>)6.8Critical", "modified": "2019-03-07T00:00:00", "published": "2016-07-20T00:00:00", "id": "KLA10846", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10846", "title": "\r KLA10846Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:00", "bulletinFamily": "info", "description": "Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.\n\nThat vulnerability is one of 48 bugs fixed in version 52 of Chrome [released Wednesday](<http://googlechromereleases.blogspot.com/search/label/Stable%20updates>).\n\nFour dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.\n\nAmong the other serious vulnerabilities is a URL spoofing bug on iOS, a heap-buffer-overflow and four use-after-free vulnerabilities.\n\nThe bugs were found and reported via the Chrome bug bounty program. Longtime bug hunter Pinkie Pie earned $15,000 for a sandbox escape tied to Chrome\u2019s Pepper Plugin API (PPAPI) component of the browser that aims to make plugins more secure and portable.\n\nGoogle\u2019s sandbox technology isolates system processes in an effort to prevent malware from escaping the Chrome browser and infecting the host computer or allowing it to steal information from the PC or execute remote code. This is just the latest out of many out-of-sandbox escape flaws fixed by Google in previous browser updates. It\u2019s also just the latest sandbox escape flaw found by prolific hacker Pinkie Pie who earned $60,000 in 2012 at CanSecWest for finding several bugs including a sandbox escape bug. The following year Pinkie Pie earned another $50,000 at the Mobile Pwn2Own hacking contest for bugs once again tied to the Chrome sandbox escape bug.\n\nHere are the public bugs fixed in Chrome 52:\n\n[$15000][[610600](<https://crbug.com/610600>)] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie \n[$3000][[622183](<https://crbug.com/622183>)] High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent\u2019s Xuanwu Lab \n[$TBD][[613949](<https://crbug.com/613949>)] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan \n[$TBD][[614934](<https://crbug.com/614934>)] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team \n[$TBD][[616907](<https://crbug.com/616907>)] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$TBD][[617495](<https://crbug.com/617495>)] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$TBD][[618237](<https://crbug.com/618237>)] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer \n[$TBD][[619166](<https://crbug.com/619166>)] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous \n[$TBD][[620553](<https://crbug.com/620553>)] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin \n[$TBD][[623319](<https://crbug.com/623319>)] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar \n[$TBD][[623378](<https://crbug.com/623378>)] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer \n[$1000][[607543](<https://crbug.com/607543>)] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly \n[$1000][[613626](<https://crbug.com/613626>)] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor \n[$500][[593759](<https://crbug.com/593759>)] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone \n[$500][[605451](<https://crbug.com/605451>)] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy \n[$TBD][[625393](<https://crbug.com/625393>)] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu \n[$TBD][[625945](<https://crbug.com/625945>)] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu\n", "modified": "2016-07-28T12:37:30", "published": "2016-07-21T17:04:50", "id": "THREATPOST:C2E1563DBC065025E810CF457E1A802B", "href": "https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/", "type": "threatpost", "title": "Google Fixes 48 Bugs, Sandbox Escape, in Chrome", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "description": "- CVE-2016-1705 (arbitrary code execution)\n\nVarious fixes from internal audits, fuzzing and other initiatives.\n\n- CVE-2016-1706 (sandbox escape)\n\nSandbox escape in PPAPI. Credit to Pinkie Pie.\n\n- CVE-2016-1708 (arbitrary code execution)\n\nUse-after-free in Extensions. Credit to Adam Varsan.\n\n- CVE-2016-1709 (arbitrary code execution)\n\nHeap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team.\n\n- CVE-2016-1710, CVE-2016-1711 (same-origin policy bypass)\n\nSame-origin bypass in Blink. Credit to Mariusz Mlynski.\n\n- CVE-2016-5127 (arbitrary code execution)\n\nUse-after-free in Blink. Credit to cloudfuzzer.\n\n- CVE-2016-5128 (same-origin policy bypass)\n\nSame-origin bypass in V8.\n\n- CVE-2016-5129 (arbitrary code execution)\n\nMemory corruption in V8. Credit to Jeonghoon Shin.\n\n- CVE-2016-5130 (URL spoofing)\n\nURL spoofing. Credit to Wadih Matar.\n\n- CVE-2016-5131 (arbitrary code execution)\n\nUse-after-free in libxml. Credit to Nick Wellnhofer.\n\n- CVE-2016-5132 (same-origin policy bypass)\n\nLimited same-origin bypass in Service Workers. Credit to Ben Kelly.\n\n- CVE-2016-5133 (man-in-the-middle)\n\nOrigin confusion in proxy authentication. Credit to Patch Eudor.\n\n- CVE-2016-5134 (information leakage)\n\nURL leakage via PAC script. Credit to Paul Stone.\n\n- CVE-2016-5135 (content security policy bypass)\n\nContent-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent\nSecurity Response Center, TSRC.\n\n- CVE-2016-5136 (arbitrary code execution)\n\nUse after free in extensions. Credit to Rob Wu.\n\n- CVE-2016-5137 (information leakage)\n\nHistory sniffing with HSTS and CSP. Credit to Xiaoyin Liu.", "modified": "2016-07-24T00:00:00", "published": "2016-07-24T00:00:00", "id": "ASA-201607-12", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-10-29T16:42:14", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-54.0.2840.59\"", "modified": "2016-10-29T00:00:00", "published": "2016-10-29T00:00:00", "href": "https://security.gentoo.org/glsa/201610-09", "id": "GLSA-201610-09", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
