ID CVE-2018-6129 Type cve Reporter cve@mitre.org Modified 2019-07-01T13:37:00
Description
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
{"zdt": [{"lastseen": "2018-06-10T01:34:55", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2018-06-09T00:00:00", "title": "WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-6129"], "modified": "2018-06-09T00:00:00", "id": "1337DAY-ID-30557", "href": "https://0day.today/exploit/description/30557", "sourceData": "There is a missing check in VP9 frame processing that could lead to memory corruption.\r\n \r\nIn the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code:\r\n \r\n size_t temporal_idx = info.gof->temporal_idx[gof_idx];\r\n ...\r\n for (size_t l = 0; l < temporal_idx; ++l) {\r\n ...\r\n auto missing_frame_it = missing_frames_for_layer_[l].lower_bound(ref_pid);\r\n \r\nmissing_frames_for_layer_ is a std::array of length kMaxTemporalLayers which equals 5.\r\n \r\nMeanwhile, values in the temporal_idx array are read in rtp_format_vp9.cc in the following code:\r\n \r\n RETURN_FALSE_ON_ERROR(parser->ReadBits(&t, 3));\r\n ...\r\n vp9->gof.temporal_idx[i] = t;\r\n \r\nReading three bits makes the maximum size of temporal_idx 7, which can go out of bounds of the missing_frames_for_layer_ array.\r\n \r\nThis issue causes a crash in Chrome. To reproduce the issue.\r\n \r\n1) unzip the attached webrtc-from-chat.zip on a local webserver\r\n2) fetch the webrtc source (https://webrtc.org/native-code/development/), and replace src/modules/rtp_rtcp/source/rtp_format_vp9.cc with the version attached to the code\r\n3) build webrtc, including the examples\r\n4) run the attached webrtcserver.py with python 3.6 or higher\r\n5) start the peerconnection_client sample in the webrtc examples. Connect to the recommended server, and then select test2 as the peer to connect to\r\n6) visit http://127.0.0.1/webrtc-from-chat/index.html in chrome\r\n7) Enter any username and hit \"Log in\"\r\n8) Type anything into the chat window at the bottom and hit send\r\n \r\nThe attached file 'missingframe' contains the VP9 frame that causes this crash.\r\n \r\nThough the attached PoC requires user interaction, it is not necessary to exercise this issue in a browser.\r\n \r\nThis issue affects any browser that supports VP9, and can be reached by loading a single webpage (though some browsers will prompt for permissions). It also affects native clients (such as mobile applications) that use webrtc and support VP9, though the user has to place or answer a video call for their client to be in the state where this issue is reachable.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44863.zip\n\n# 0day.today [2018-06-10] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30557"}], "exploitdb": [{"lastseen": "2018-06-08T18:24:48", "description": "WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access. CVE-2018-6129. Dos exploit for Multiple platform", "published": "2018-06-08T00:00:00", "type": "exploitdb", "title": "WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-6129"], "modified": "2018-06-08T00:00:00", "id": "EDB-ID:44863", "href": "https://www.exploit-db.com/exploits/44863/", "sourceData": "There is a missing check in VP9 frame processing that could lead to memory corruption.\r\n\r\nIn the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code:\r\n\r\n size_t temporal_idx = info.gof->temporal_idx[gof_idx];\r\n ...\r\n for (size_t l = 0; l < temporal_idx; ++l) {\r\n ...\r\n auto missing_frame_it = missing_frames_for_layer_[l].lower_bound(ref_pid);\r\n\r\nmissing_frames_for_layer_ is a std::array of length kMaxTemporalLayers which equals 5.\r\n\r\nMeanwhile, values in the temporal_idx array are read in rtp_format_vp9.cc in the following code:\r\n\r\n RETURN_FALSE_ON_ERROR(parser->ReadBits(&t, 3));\r\n ...\r\n vp9->gof.temporal_idx[i] = t;\r\n\r\nReading three bits makes the maximum size of temporal_idx 7, which can go out of bounds of the missing_frames_for_layer_ array.\r\n\r\nThis issue causes a crash in Chrome. To reproduce the issue.\r\n\r\n1) unzip the attached webrtc-from-chat.zip on a local webserver\r\n2) fetch the webrtc source (https://webrtc.org/native-code/development/), and replace src/modules/rtp_rtcp/source/rtp_format_vp9.cc with the version attached to the code\r\n3) build webrtc, including the examples\r\n4) run the attached webrtcserver.py with python 3.6 or higher\r\n5) start the peerconnection_client sample in the webrtc examples. Connect to the recommended server, and then select test2 as the peer to connect to\r\n6) visit http://127.0.0.1/webrtc-from-chat/index.html in chrome\r\n7) Enter any username and hit \"Log in\"\r\n8) Type anything into the chat window at the bottom and hit send\r\n\r\nThe attached file 'missingframe' contains the VP9 frame that causes this crash.\r\n\r\nThough the attached PoC requires user interaction, it is not necessary to exercise this issue in a browser.\r\n\r\nThis issue affects any browser that supports VP9, and can be reached by loading a single webpage (though some browsers will prompt for permissions). It also affects native clients (such as mobile applications) that use webrtc and support VP9, though the user has to place or answer a video call for their client to be in the state where this issue is reachable.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44863.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44863/"}], "googleprojectzero": [{"lastseen": "2020-12-14T19:21:43", "bulletinFamily": "info", "cvelist": ["CVE-2018-16071", "CVE-2018-16083", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6155", "CVE-2018-6156", "CVE-2018-6157"], "description": "Posted by Natalie Silvanovich, Project Zero\n\n \n\n\nOver the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. While a lot of research has been done into the cryptographic and privacy properties of video conferencing, there is limited information available about the attack surface of these platforms and their susceptibility to vulnerabilities. We reviewed the three most widely-used video conferencing implementations. In this series of blog posts, we describe what we found. \n\n** \n**\n\nThis part will discuss our analysis of WebRTC. Part 2 will cover our analysis of FaceTime. Part 3 will discuss how we fuzzed WhatsApp. Part 4 will describe some attacks against WhatsApp that didn\u2019t work out. And finally, Part 5 will discuss the future of video conferencing and steps that developers can take to improve the security of their implementation.\n\n# Typical Video Conferencing Architecture\n\n** \n**\n\nAll the video conferencing implementations we investigated allow at least two peers anywhere on the Internet to communicate through audiovisual streams. Implementing this capability so that it is reliable and has good audio and video quality presents several challenges. First, the peers need to be able to find each other and establish a connection regardless of NATs or other network infrastructure. Then they need to be able to communicate, even though they could be on different platforms, application versions or browsers. Finally, they need to maintain audio and video quality, even if the connection is low-bandwidth or noisy.\n\n** \n**\n\nAlmost all video conferencing solutions have converged on a single architecture. It assumes that two peers can communicate via a secure, integrity checked channel which may have low bandwidth or involve an intermediary server, and it allows them to create a faster, higher-bandwidth peer-to-peer channel.\n\n** \n**\n\nThe first stage in creating a connection is called signalling. It is the process through which the two peers exchange the information they will need to create a connection, including network addresses, supported codecs and cryptographic keys. Usually, the calling peer sends a call request including information about itself to the receiving peer, and then the receiving peer responds with similar information. [SDP](<https://tools.ietf.org/html/rfc2327>) is a common protocol for exchanging this information, but it is not always used, and most implementations do not conform to the specification. It is common for mobile messaging apps to send this information in a specially formatted message, sent through the same channel text messages are sent. Websites that support video conferencing often use WebSockets to exchange information, or exchange it via HTTPS using the webserver as an intermediary.\n\n** \n**\n\nOnce signalling is complete, the peers find a way to route traffic to each other using the STUN, TURN and ICE protocols. Based on what these protocols determine, the peers can create UDP, UDP-over-STUN and occasionally TCP connections based of what is favorable for the network conditions.\n\n** \n**\n\nOnce the connection has been made, the peers communicate using [Real-time Transport Protocol](<https://tools.ietf.org/html/rfc3550>). Though this protocol is standardized, most implementations deviate somewhat from the standard. RTP can be encrypted using a protocol called Secure RTP (SRTP), and some implementations also encrypt streams using DTLS. Under the encryption envelope, RTP supports features that allow multiple streams and formats of data to be exchanged simultaneously. Then, based on how RTP classifies the data, it is passed on to other processing, such as video codecs. Stream Control Transmission Protocol (SCTP) is also sometimes used to exchange small amounts of data (for example a text message on top of a call) during video conferencing, but it is less commonly used than RTP.\n\n** \n**\n\nEven when it is encrypted, RTP often doesn\u2019t include integrity protection, and if it does, it usually doesn\u2019t discard malformed packets. Instead, it attempts to recover them using strategies such as [Forward Error Correction](<https://tools.ietf.org/id/draft-ietf-payload-flexible-fec-scheme-06.html>) (FEC). Most video conferencing solutions also detect when a channel is noisy or low-bandwidth and attempt to handle the situation in a way that leads to the best audio and video quality, for example, sending fewer frames or changing codecs. [Real Time Control Protocol](<https://tools.ietf.org/html/rfc3605>) (RTCP) is used to exchange statistics on network quality and coordinate adjusting properties of RTP streams to adapt to network conditions.\n\n# WebRTC\n\n** \n**\n\n[WebRTC](<https://webrtc.org/>) is an open source project that enables video conferencing. It is by far the most commonly used implementation. Chrome, Safari, Firefox, Facebook Messenger, Signal and many other mobile applications use WebRTC. WebRTC seemed like a good starting point for looking at video conferencing as it is heavily used, open source and reasonably well-documented.\n\n## WebRTC Signalling\n\n** \n**\n\nI started by looking at WebRTC signalling, because it is an attack surface that does not require any user interaction. Protocols like RTP usually start being processed after a user has picked up the video call, but signalling is performed before the user is notified of the call. WebRTC uses SDP for signalling.\n\n** \n**\n\nI reviewed the WebRTC SDP parser code, but did not find any bugs. I also compiled it so it would accept an SDP file on the commandline and fuzzed it, but I did not find any bugs through fuzzing either. I later discovered that WebRTC signalling is not implemented consistently across browsers anyhow. Chrome uses the main WebRTC implementation, Safari has branched slightly and Firefox uses their own implementation. Most mobile applications that use WebRTC implement their own signalling in a protocol that is not SDP as well. So it is not likely that a bug in WebRTC signalling would affect a wide variety of targets.\n\n** \n**\n\n## RTP Fuzzing\n\n** \n**\n\nI then decided to look at how RTP is processed in WebRTC. While RTP is not an interaction-less attack surface because the user usually has to answer the call before RTP traffic is processed, picking up a call is a reasonable action to expect a user to take. I started by looking at the WebRTC source, but it is very large and complex, so I decided fuzzing would be a better approach.\n\n** \n**\n\nThe WebRTC repository contains fuzzers written for OSS-Fuzz for every protocol and codec supported by WebRTC, but they do not simulate the interactions between the various parsers, and do not maintain state between test cases, so it seemed likely that end-to-end fuzzing would provide additional coverage.\n\n** \n**\n\nSetting up end-to-end fuzzing was fairly time intensive, so to see if it was likely to find many bugs, I altered Chrome to send malformed RTP packets. I changed the srtp_protect function in libsrtp so that it ran the following fuzzer on every packet:\n\n** \n**\n\nvoid fuzz(char* buf, int len){\n\n \n\n\nint q = rand()%10;\n\n \n\n\nif (q == 7){\n\nint ind = rand()%len;\n\nbuf[ind] = rand();\n\n}\n\n \n\n\nif(q == 5){\n\nfor(int i = 0; i < len; i++)\n\nbuf[i] = rand();\n\n \n\n\n} \n \n--- \n \nRTP fuzzer (fuzzer q)\n\n** \n**\n\nWhen this version was used to make a WebRTC call to an unmodified instance of Chrome, it crashed roughly every 30 seconds.\n\n** \n**\n\nMost of the crashes were due to divide-by-zero exceptions, which I submitted patches for, but there were three interesting crashes. I reproduced them by altering the WebRTC source in Chrome so that it would generate the packets that caused the same crashes, and then set up a standalone build of WebRTC to reproduce them, so that it was not necessary to rebuild Chrome to reproduce the issues.\n\n** \n**\n\nThe first issue, [CVE-2018-6130](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1567&can=1&q=label%3AFinder-natashenka&colspec=ID%20Status%20Restrict%20Reported%20Vendor%20Product%20Finder%20Summary&start=100>) is an out-of-bounds memory issue related to the use of std::map find in processing VP9 (a video codec). In the following code, the value t10_pic_idx is pulled out of an RTP packet unverified (GOF stands for group of frames).\n\n** \n**\n\nif (frame->frame_type() == kVideoFrameKey) {\n\n...\n\nGofInfo info = gof_info_.find(codec_header.tl0_pic_idx)->second;\n\nFrameReceivedVp9(frame->id.picture_id, &info);\n\nUnwrapPictureIds(frame);\n\nreturn kHandOff;\n\n}\n\n** \n** \n\n\nIf this value does not exist in the gof_info_ array, std::map::find returns the end value of the map, which points to one element past the allocated values for the map. Depending on memory layout, dereferencing this iterator will either crash or return the contents of unallocated memory.\n\n** \n**\n\nThe second issue, [CVE-2018-6129](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1568>) is a more typical out-of-bounds read issue, where the index of a field is read out of an RTP packet, and not verified before it is used to index a vector.\n\n** \n**\n\nThe third issue, [CVE-2018-6157](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1571&can=1&q=label%3AFinder-natashenka&colspec=ID%20Status%20Restrict%20Reported%20Vendor%20Product%20Finder%20Summary&start=100>) is a type confusion issue that occurs when a packet that looks like a VP8 packet is sent to the H264 parser. The packet will eventually be treated like an H264 packet even though it hasn\u2019t gone through the necessary checks for H264. The impact of this issue is also limited to reading out of bounds. \n\n\nThere are a lot of limitations to the approach of fuzzing in a browser. It is very slow, the issues are difficult to reproduce, and it is difficult to fuzz a variety of test cases, because each call needs to be started manually, and certain properties, such as the default codec, can\u2019t change in the middle of the call. After I reported these issues, the WebRTC team [suggested](<https://bugs.chromium.org/p/chromium/issues/detail?id=840536#c3>) that I use the video_replay tool, which can be used to replay RTP streams recorded in a patched browser. The tool was not able to reproduce a lot of my issues because they used non-default WebRTC settings configured through signalling, so I added the ability to load a configuration file alongside the RTP dump to this tool. This made it possible to quickly reproduce vulnerabilities in WebRTC.\n\n** \n**\n\nThis tool also had the benefit of enabling much faster fuzzing, as it was possible to fuzz RTP by fuzzing the RTP dump file and loading it into video_replay. There were some false positives, as it was also possible that fuzzing caused bugs in parsing the RTP dump file format, but most of the bugs were actually in RTP processing.\n\nFuzzing with the video_replay tool with code coverage and ASAN enabled led to four more bugs. We ran the fuzzer on 50 cores for about two weeks to find these issues.\n\n** \n**\n\n[CVE-2018-6156](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1573&can=1&q=label%3AFinder-natashenka&colspec=ID%20Status%20Restrict%20Reported%20Vendor%20Product%20Finder%20Summary&start=100>) is probably the most exploitable bug uncovered. It is a large overflow in FEC. The buffer WebRTC uses to process FEC packets is 1500 bytes, but it does no size checking of these packets once they are extracted from RTP. Practically, they can be up to about 2000 bytes long.\n\n** \n**\n\n[CVE-2018-6155](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1575>) is a use-after-free in a video codec called VP8. It is interesting because it affects the VP8 library, libvpx as opposed to code in WebRTC, so it has the potential to affect software that uses this library other than WebRTC. A generic fix for libvpx was released as a result of this bug.\n\n** \n**\n\n[CVE-2018-16071](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1601>) is a use-after-free in VP9 processing that is somewhat similar to CVE-2018-6130. Once again, an untrusted index is pulled out of a packet, but this time it is used as the upper bounds of a vector erase operation, so it is possible to delete all the elements of the vector before it is used.\n\n** \n**\n\n[CVE-2018-16083](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1606&can=1&q=label%3AFinder-natashenka&colspec=ID%20Status%20Restrict%20Reported%20Vendor%20Product%20Finder%20Summary&start=100>) is an out-of-bounds read in FEC that occurs due to a lack of bounds checking.\n\n \n\n\nOverall, end-to-end fuzzing found a lot of bugs in WebRTC, and a few were fairly serious. They have all now been fixed. This shows that end-to-end fuzzing is an effective approach for finding vulnerabilities in this type of video conferencing solution. In Part 2, we will try a similar approach on FaceTime. Stay tuned!\n", "modified": "2018-12-04T00:00:00", "published": "2018-12-04T00:00:00", "id": "GOOGLEPROJECTZERO:78584B63AE9BD948CB6A636F46E065BB", "href": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-1.html", "type": "googleprojectzero", "title": "\nAdventures in Video Conferencing Part 1: The Wild World of WebRTC\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2019-05-30T05:52:36", "bulletinFamily": "info", "cvelist": ["CVE-2018-6123", "CVE-2018-6124", "CVE-2018-6125", "CVE-2018-6126", "CVE-2018-6127", "CVE-2018-6128", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6131"], "description": "Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said.\n\nMost notably to the browser update are mitigations for Spectre. The fix includes an added feature called Site Isolation that essentially separates the processes between different tabs \u2013 so that if one tab crashes, the others will continue to work. This also protects against speculative side-channel CPU vulnerabilities like [Spectre](<https://threatpost.com/intel-responds-to-news-of-spectre-like-flaw-in-cpus/132169/>) because it reduces the amount of data exposed to side channel attacks.\n\n\u201cWe\u2019re continuing to roll out Site Isolation to a larger percentage of the stable population in Chrome 67,\u201d said Chrome in its [security release](<https://chromereleases.googleblog.com/search/label/Stable%20updates>). \u201cSite Isolation improves Chrome\u2019s security and helps mitigate the risks posed by Spectre.\u201d\n\nBug fixes for Chrome 67 include nine rated high. One of them is an out of bounds memory access bug ([CVE-2018-6130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6130>)) in Web Real Time Communication (WebRTC), which is an open-source project providing web browsers with real-time communication through simple APIs. Google also patched a heap buffer overflow glitch in open source graphics library Skia ([CVE-2018-6126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126>)) and an overly permissive policy bug ([CVE-2018-6125](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6125>)) in the WebUSB API, which provides a way to expose USB device services to the Web. Below is a full list of the vulnerabilities fixed that are rated high.\n\n> * CVE-2018-6123: Use after free in Blink.\n> * CVE-2018-6124: Type confusion in Blink.\n> * CVE-2018-6125: Overly permissive policy in WebUSB.\n> * CVE-2018-6126: Heap buffer overflow in Skia.\n> * CVE-2018-6127: Use after free in indexedDB.\n> * CVE-2018-6128: uXSS in Chrome on iOS.\n> * CVE-2018-6129: Out of bounds memory access in WebRTC.\n> * CVE-2018-6130: Out of bounds memory access in WebRTC.\n> * CVE-2018-6131: Incorrect mutability protection in WebAssembly.\n\nPart of the Google update also included the introduction of the [WebAuthn](<https://www.w3.org/TR/2018/CR-webauthn-20180320/>) API into Chrome 67. This API enables users to log into their accounts using alternative methods such as with biometric options ranging from fingerprint readers, iris scans or facial recognition. Mozilla has also recently packaged this feature into Firefox a few weeks ago with the release of [Firefox 60](<https://www.mozilla.org/en-US/firefox/60.0/releasenotes/>).\n\nFinally, the latest version of Chrome has deprecated the browser\u2019s support for HTTP public key pinning; instead adopting the more flexible solution of Expect-CT headers. This plan was first announced in [2017](<https://threatpost.com/google-to-ditch-public-key-pinning-in-chrome/128679/>) after Google argued that public key pinning runs the risk of leaving website admins open to difficulties selecting a reliable set of keys to pin to.\n\nChrome 67 for desktops is currently available. Android and Chrome OS versions will follow soon after.\n", "modified": "2018-05-30T15:32:20", "published": "2018-05-30T15:32:20", "id": "THREATPOST:06CF4AB78C7900E0E881A9B5B24C9D21", "href": "https://threatpost.com/google-patches-34-browser-bugs-in-chrome-67-adds-spectre-fixes/132370/", "type": "threatpost", "title": "Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6123", "CVE-2018-6124", "CVE-2018-6125", "CVE-2018-6126", "CVE-2018-6127", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6131", "CVE-2018-6132", "CVE-2018-6133", "CVE-2018-6134", "CVE-2018-6135", "CVE-2018-6136", "CVE-2018-6137", "CVE-2018-6138", "CVE-2018-6139", "CVE-2018-6140", "CVE-2018-6141", "CVE-2018-6142", "CVE-2018-6143", "CVE-2018-6144", "CVE-2018-6145", "CVE-2018-6147"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 67.0.3396.62.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in Blink (CVE-2018-6123)\n\n* chromium-browser: Type confusion in Blink (CVE-2018-6124)\n\n* chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)\n\n* chromium-browser: Use after free in indexedDB (CVE-2018-6127)\n\n* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6129)\n\n* chromium-browser: Out of bounds memory access in WebRTC (CVE-2018-6130)\n\n* chromium-browser: Incorrect mutability protection in WebAssembly (CVE-2018-6131)\n\n* chromium-browser: Use of uninitialized memory in WebRTC (CVE-2018-6132)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-6133)\n\n* chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)\n\n* chromium-browser: UI spoofing in Blink (CVE-2018-6135)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)\n\n* chromium-browser: Leak of visited status of page in Blink (CVE-2018-6137)\n\n* chromium-browser: Overly permissive policy in Extensions (CVE-2018-6138)\n\n* chromium-browser: Restrictions bypass in the debugger extension API (CVE-2018-6139)\n\n* chromium-browser: Restrictions bypass in the debugger extension API (CVE-2018-6140)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)\n\n* chromium-browser: Out of bounds memory access in PDFium (CVE-2018-6144)\n\n* chromium-browser: Incorrect escaping of MathML in Blink (CVE-2018-6145)\n\n* chromium-browser: Password fields not taking advantage of OS protections in Views (CVE-2018-6147)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-06-09T14:13:38", "published": "2018-06-08T00:24:56", "id": "RHSA-2018:1815", "href": "https://access.redhat.com/errata/RHSA-2018:1815", "type": "redhat", "title": "(RHSA-2018:1815) Important: chromium-browser security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-05-31T20:16:09", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 67.0.3396.62.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use after free in Blink (CVE-2018-6123)\n\n* chromium-browser: Type confusion in Blink (CVE-2018-6124)\n\n* chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)\n\n* chromium-browser: Use after free in indexedDB (CVE-2018-6127)\n\n* chromium-browser: Out of bounds memory access in WebRTC\n(CVE-2018-6129)\n\n* chromium-browser: Out of bounds memory access in WebRTC\n(CVE-2018-6130)\n\n* chromium-browser: Incorrect mutability protection in WebAssembly\n(CVE-2018-6131)\n\n* chromium-browser: Use of uninitialized memory in WebRTC\n(CVE-2018-6132)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-6133)\n\n* chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)\n\n* chromium-browser: UI spoofing in Blink (CVE-2018-6135)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)\n\n* chromium-browser: Leak of visited status of page in Blink\n(CVE-2018-6137)\n\n* chromium-browser: Overly permissive policy in Extensions\n(CVE-2018-6138)\n\n* chromium-browser: Restrictions bypass in the debugger extension API\n(CVE-2018-6139)\n\n* chromium-browser: Restrictions bypass in the debugger extension API\n(CVE-2018-6140)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)\n\n* chromium-browser: Out of bounds memory access in PDFium\n(CVE-2018-6144)\n\n* chromium-browser: Incorrect escaping of MathML in Blink\n(CVE-2018-6145)\n\n* chromium-browser: Password fields not taking advantage of OS\nprotections in Views (CVE-2018-6147)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 21, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-06-08T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2018:1815)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2018-06-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1815.NASL", "href": "https://www.tenable.com/plugins/nessus/110406", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1815. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110406);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n script_xref(name:\"RHSA\", value:\"2018:1815\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2018:1815)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 67.0.3396.62.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use after free in Blink (CVE-2018-6123)\n\n* chromium-browser: Type confusion in Blink (CVE-2018-6124)\n\n* chromium-browser: Overly permissive policy in WebUSB (CVE-2018-6125)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6126)\n\n* chromium-browser: Use after free in indexedDB (CVE-2018-6127)\n\n* chromium-browser: Out of bounds memory access in WebRTC\n(CVE-2018-6129)\n\n* chromium-browser: Out of bounds memory access in WebRTC\n(CVE-2018-6130)\n\n* chromium-browser: Incorrect mutability protection in WebAssembly\n(CVE-2018-6131)\n\n* chromium-browser: Use of uninitialized memory in WebRTC\n(CVE-2018-6132)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-6133)\n\n* chromium-browser: Referrer Policy bypass in Blink (CVE-2018-6134)\n\n* chromium-browser: UI spoofing in Blink (CVE-2018-6135)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6136)\n\n* chromium-browser: Leak of visited status of page in Blink\n(CVE-2018-6137)\n\n* chromium-browser: Overly permissive policy in Extensions\n(CVE-2018-6138)\n\n* chromium-browser: Restrictions bypass in the debugger extension API\n(CVE-2018-6139)\n\n* chromium-browser: Restrictions bypass in the debugger extension API\n(CVE-2018-6140)\n\n* chromium-browser: Heap buffer overflow in Skia (CVE-2018-6141)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6142)\n\n* chromium-browser: Out of bounds memory access in V8 (CVE-2018-6143)\n\n* chromium-browser: Out of bounds memory access in PDFium\n(CVE-2018-6144)\n\n* chromium-browser: Incorrect escaping of MathML in Blink\n(CVE-2018-6145)\n\n* chromium-browser: Password fields not taking advantage of OS\nprotections in Views (CVE-2018-6147)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6147\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1815\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-67.0.3396.62-2.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-67.0.3396.62-2.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-67.0.3396.62-2.el6_9\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-67.0.3396.62-2.el6_9\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:07:42", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 67.0.3396.62. It is, therefore, affected by a multiple\nunspecified vulnerabilities as noted in Chrome stable channel update\nrelease notes for May 29th, 2018. Please refer to the release notes\nfor additional information.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-31T00:00:00", "title": "Google Chrome < 67.0.3396.62 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_67_0_3396_62.NASL", "href": "https://www.tenable.com/plugins/nessus/110228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110228);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:09\");\n\n script_cve_id(\n \"CVE-2018-6123\",\n \"CVE-2018-6124\",\n \"CVE-2018-6125\",\n \"CVE-2018-6126\",\n \"CVE-2018-6127\",\n \"CVE-2018-6128\",\n \"CVE-2018-6129\",\n \"CVE-2018-6130\",\n \"CVE-2018-6131\",\n \"CVE-2018-6132\",\n \"CVE-2018-6133\",\n \"CVE-2018-6134\",\n \"CVE-2018-6135\",\n \"CVE-2018-6136\",\n \"CVE-2018-6137\",\n \"CVE-2018-6138\",\n \"CVE-2018-6139\",\n \"CVE-2018-6140\",\n \"CVE-2018-6141\",\n \"CVE-2018-6142\",\n \"CVE-2018-6143\",\n \"CVE-2018-6144\",\n \"CVE-2018-6145\",\n \"CVE-2018-6147\"\n );\n script_bugtraq_id(104309);\n\n script_name(english:\"Google Chrome < 67.0.3396.62 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 67.0.3396.62. It is, therefore, affected by a multiple\nunspecified vulnerabilities as noted in Chrome stable channel update\nrelease notes for May 29th, 2018. Please refer to the release notes\nfor additional information.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?e0ac93e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 67.0.3396.62 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'67.0.3396.62', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:32:14", "description": "The version of Google Chrome installed on the remote host is prior\nto 67.0.3396.62. It is, therefore, affected by multiple unspecified\nvulnerabilities as noted in Chrome stable channel update release notes\nfor May 29th, 2018. Please refer to the release notes for additional\ninformation.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-31T00:00:00", "title": "Google Chrome < 67.0.3396.62 Multiple Vulnerabilities (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_67_0_3396_62.NASL", "href": "https://www.tenable.com/plugins/nessus/110229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110229);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\n \"CVE-2018-6123\",\n \"CVE-2018-6124\",\n \"CVE-2018-6125\",\n \"CVE-2018-6126\",\n \"CVE-2018-6127\",\n \"CVE-2018-6128\",\n \"CVE-2018-6129\",\n \"CVE-2018-6130\",\n \"CVE-2018-6131\",\n \"CVE-2018-6132\",\n \"CVE-2018-6133\",\n \"CVE-2018-6134\",\n \"CVE-2018-6135\",\n \"CVE-2018-6136\",\n \"CVE-2018-6137\",\n \"CVE-2018-6138\",\n \"CVE-2018-6139\",\n \"CVE-2018-6140\",\n \"CVE-2018-6141\",\n \"CVE-2018-6142\",\n \"CVE-2018-6143\",\n \"CVE-2018-6144\",\n \"CVE-2018-6145\",\n \"CVE-2018-6147\"\n );\n script_bugtraq_id(104309);\n\n script_name(english:\"Google Chrome < 67.0.3396.62 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is prior\nto 67.0.3396.62. It is, therefore, affected by multiple unspecified\nvulnerabilities as noted in Chrome stable channel update release notes\nfor May 29th, 2018. Please refer to the release notes for additional\ninformation.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?e0ac93e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 67.0.3396.62 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'67.0.3396.62', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:37:48", "description": "Google Chrome Releases reports :\n\n34 security fixes in this release, including :\n\n- [835639] High CVE-2018-6123: Use after free in Blink. Reported by\nLooben Yang on 2018-04-22\n\n- [840320] High CVE-2018-6124: Type confusion in Blink. Reported by\nGuang Gong of Alpha Team, Qihoo 360 on 2018-05-07\n\n- [818592] High CVE-2018-6125: Overly permissive policy in WebUSB.\nReported by Yubico, Inc on 2018-03-05\n\n- [844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported\nby Ivan Fratric of Google Project Zero on 2018-05-18\n\n- [842990] High CVE-2018-6127: Use after free in indexedDB. Reported\nby Looben Yang on 2018-05-15\n\n- [841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by\nTomasz Bojarski on 2018-05-09\n\n- [838672] High CVE-2018-6129: Out of bounds memory access in WebRTC.\nReported by Natalie Silvanovich of Google Project Zero on 2018-05-01\n\n- [838402] High CVE-2018-6130: Out of bounds memory access in WebRTC.\nReported by Natalie Silvanovich of Google Project Zero on 2018-04-30\n\n- [826434] High CVE-2018-6131: Incorrect mutability protection in\nWebAssembly. Reported by Natalie Silvanovich of Google Project Zero on\n2018-03-27\n\n- [839960] Medium CVE-2018-6132: Use of uninitialized memory in\nWebRTC. Reported by Ronald E. Crane on 2018-05-04\n\n- [817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by\nKhalil Zhani on 2018-02-28\n\n- [797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink.\nReported by Jun Kokatsu (@shhnjk) on 2017-12-23\n\n- [823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by\nJasper Rebane on 2018-03-19\n\n- [831943] Medium CVE-2018-6136: Out of bounds memory access in V8.\nReported by Peter Wong on 2018-04-12\n\n- [835589] Medium CVE-2018-6137: Leak of visited status of page in\nBlink. Reported by Michael Smith (spinda.net) on 2018-04-21\n\n- [810220] Medium CVE-2018-6138: Overly permissive policy in\nExtensions. Reported by Francois Lajeunesse-Robert on 2018-02-08\n\n- [805224] Medium CVE-2018-6139: Restrictions bypass in the debugger\nextension API. Reported by Rob Wu on 2018-01-24\n\n- [798222] Medium CVE-2018-6140: Restrictions bypass in the debugger\nextension API. Reported by Rob Wu on 2018-01-01\n\n- [796107] Medium CVE-2018-6141: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on\n2017-12-19\n\n- [837939] Medium CVE-2018-6142: Out of bounds memory access in V8.\nReported by Choongwoo Han of Naver Corporation on 2018-04-28\n\n- [843022] Medium CVE-2018-6143: Out of bounds memory access in V8.\nReported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15\n\n- [828049] Low CVE-2018-6144: Out of bounds memory access in PDFium.\nReported by pdknsk on 2018-04-02\n\n- [805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink.\nReported by Masato Kinugawa on 2018-01-25\n\n- [818133] Low CVE-2018-6147: Password fields not taking advantage of\nOS protections in Views. Reported by Michail Pishchagin (Yandex) on\n2018-03-02\n\n- [847542] Various fixes from internal audits, fuzzing and other\ninitiatives", "edition": 28, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-05-31T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (427b0f58-644c-11e8-9e1b-e8e0b747a45a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_427B0F58644C11E89E1BE8E0B747A45A.NASL", "href": "https://www.tenable.com/plugins/nessus/110254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110254);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (427b0f58-644c-11e8-9e1b-e8e0b747a45a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n34 security fixes in this release, including :\n\n- [835639] High CVE-2018-6123: Use after free in Blink. Reported by\nLooben Yang on 2018-04-22\n\n- [840320] High CVE-2018-6124: Type confusion in Blink. Reported by\nGuang Gong of Alpha Team, Qihoo 360 on 2018-05-07\n\n- [818592] High CVE-2018-6125: Overly permissive policy in WebUSB.\nReported by Yubico, Inc on 2018-03-05\n\n- [844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported\nby Ivan Fratric of Google Project Zero on 2018-05-18\n\n- [842990] High CVE-2018-6127: Use after free in indexedDB. Reported\nby Looben Yang on 2018-05-15\n\n- [841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by\nTomasz Bojarski on 2018-05-09\n\n- [838672] High CVE-2018-6129: Out of bounds memory access in WebRTC.\nReported by Natalie Silvanovich of Google Project Zero on 2018-05-01\n\n- [838402] High CVE-2018-6130: Out of bounds memory access in WebRTC.\nReported by Natalie Silvanovich of Google Project Zero on 2018-04-30\n\n- [826434] High CVE-2018-6131: Incorrect mutability protection in\nWebAssembly. Reported by Natalie Silvanovich of Google Project Zero on\n2018-03-27\n\n- [839960] Medium CVE-2018-6132: Use of uninitialized memory in\nWebRTC. Reported by Ronald E. Crane on 2018-05-04\n\n- [817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by\nKhalil Zhani on 2018-02-28\n\n- [797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink.\nReported by Jun Kokatsu (@shhnjk) on 2017-12-23\n\n- [823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by\nJasper Rebane on 2018-03-19\n\n- [831943] Medium CVE-2018-6136: Out of bounds memory access in V8.\nReported by Peter Wong on 2018-04-12\n\n- [835589] Medium CVE-2018-6137: Leak of visited status of page in\nBlink. Reported by Michael Smith (spinda.net) on 2018-04-21\n\n- [810220] Medium CVE-2018-6138: Overly permissive policy in\nExtensions. Reported by Francois Lajeunesse-Robert on 2018-02-08\n\n- [805224] Medium CVE-2018-6139: Restrictions bypass in the debugger\nextension API. Reported by Rob Wu on 2018-01-24\n\n- [798222] Medium CVE-2018-6140: Restrictions bypass in the debugger\nextension API. Reported by Rob Wu on 2018-01-01\n\n- [796107] Medium CVE-2018-6141: Heap buffer overflow in Skia.\nReported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on\n2017-12-19\n\n- [837939] Medium CVE-2018-6142: Out of bounds memory access in V8.\nReported by Choongwoo Han of Naver Corporation on 2018-04-28\n\n- [843022] Medium CVE-2018-6143: Out of bounds memory access in V8.\nReported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15\n\n- [828049] Low CVE-2018-6144: Out of bounds memory access in PDFium.\nReported by pdknsk on 2018-04-02\n\n- [805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink.\nReported by Masato Kinugawa on 2018-01-25\n\n- [818133] Low CVE-2018-6147: Password fields not taking advantage of\nOS protections in Views. Reported by Michail Pishchagin (Yandex) on\n2018-03-02\n\n- [847542] Various fixes from internal audits, fuzzing and other\ninitiatives\"\n );\n # https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0ac93e8\"\n );\n # https://vuxml.freebsd.org/freebsd/427b0f58-644c-11e8-9e1b-e8e0b747a45a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f447c183\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<67.0.3396.62\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:18:56", "description": "Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124\nCVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129\nCVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134\nCVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : chromium (2018-7c80aaef26)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-7C80AAEF26.NASL", "href": "https://www.tenable.com/plugins/nessus/120558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-7c80aaef26.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120558);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\");\n script_xref(name:\"FEDORA\", value:\"2018-7c80aaef26\");\n\n script_name(english:\"Fedora 28 : chromium (2018-7c80aaef26)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124\nCVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129\nCVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134\nCVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-7c80aaef26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6140\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"chromium-67.0.3396.79-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:15:52", "description": "Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124\nCVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129\nCVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134\nCVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-06-21T00:00:00", "title": "Fedora 27 : chromium (2018-09b59b0227)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2018-06-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2018-09B59B0227.NASL", "href": "https://www.tenable.com/plugins/nessus/110625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-09b59b0227.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110625);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\");\n script_xref(name:\"FEDORA\", value:\"2018-09b59b0227\");\n\n script_name(english:\"Fedora 27 : chromium (2018-09b59b0227)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 67. Security fix for CVE-2018-6123 CVE-2018-6124\nCVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129\nCVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134\nCVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6148\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-09b59b0227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"chromium-67.0.3396.79-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:37:57", "description": "This update for chromium to version 66.0.3359.181 fixes the following\nissues :\n\nThe following security issues were fixed (boo#1095163) :\n\n - CVE-2018-6123: Use after free in Blink.\n\n - CVE-2018-6124: Type confusion in Blink.\n\n - CVE-2018-6125: Overly permissive policy in WebUSB.\n\n - CVE-2018-6126: Heap buffer overflow in Skia.\n\n - CVE-2018-6127: Use after free in indexedDB.\n\n - CVE-2018-6128: uXSS in Chrome on iOS.\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC.\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC.\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly.\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC.\n\n - CVE-2018-6133: URL spoof in Omnibox.\n\n - CVE-2018-6134: Referrer Policy bypass in Blink.\n\n - CVE-2018-6135: UI spoofing in Blink.\n\n - CVE-2018-6136: Out of bounds memory access in V8.\n\n - CVE-2018-6137: Leak of visited status of page in Blink.\n\n - CVE-2018-6138: Overly permissive policy in Extensions.\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API.\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API.\n\n - CVE-2018-6141: Heap buffer overflow in Skia.\n\n - CVE-2018-6142: Out of bounds memory access in V8.\n\n - CVE-2018-6143: Out of bounds memory access in V8.\n\n - CVE-2018-6144: Out of bounds memory access in PDFium.\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink.\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views.\n\nAdditional changes :\n\n - Autoplay: Force enable on desktop for Web Audio This\n update enables the 'Strict site isolation' feature for a\n larger percentage of users. This feature is a mitigation\n against the Spectre vulnerabilities. It can be turned on\n via: chrome://flags/#enable-site-per-process It can be\n disabled via:\n chrome://flags/#site-isolation-trial-opt-out", "edition": 21, "published": "2018-06-01T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2018-546)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2018-06-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2018-546.NASL", "href": "https://www.tenable.com/plugins/nessus/110275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-546.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110275);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2018-546)\");\n script_summary(english:\"Check for the openSUSE-2018-546 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for chromium to version 66.0.3359.181 fixes the following\nissues :\n\nThe following security issues were fixed (boo#1095163) :\n\n - CVE-2018-6123: Use after free in Blink.\n\n - CVE-2018-6124: Type confusion in Blink.\n\n - CVE-2018-6125: Overly permissive policy in WebUSB.\n\n - CVE-2018-6126: Heap buffer overflow in Skia.\n\n - CVE-2018-6127: Use after free in indexedDB.\n\n - CVE-2018-6128: uXSS in Chrome on iOS.\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC.\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC.\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly.\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC.\n\n - CVE-2018-6133: URL spoof in Omnibox.\n\n - CVE-2018-6134: Referrer Policy bypass in Blink.\n\n - CVE-2018-6135: UI spoofing in Blink.\n\n - CVE-2018-6136: Out of bounds memory access in V8.\n\n - CVE-2018-6137: Leak of visited status of page in Blink.\n\n - CVE-2018-6138: Overly permissive policy in Extensions.\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API.\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API.\n\n - CVE-2018-6141: Heap buffer overflow in Skia.\n\n - CVE-2018-6142: Out of bounds memory access in V8.\n\n - CVE-2018-6143: Out of bounds memory access in V8.\n\n - CVE-2018-6144: Out of bounds memory access in PDFium.\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink.\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views.\n\nAdditional changes :\n\n - Autoplay: Force enable on desktop for Web Audio This\n update enables the 'Strict site isolation' feature for a\n larger percentage of users. This feature is a mitigation\n against the Spectre vulnerabilities. It can be turned on\n via: chrome://flags/#enable-site-per-process It can be\n disabled via:\n chrome://flags/#site-isolation-trial-opt-out\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095163\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-67.0.3396.62-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-67.0.3396.62-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-67.0.3396.62-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-67.0.3396.62-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-67.0.3396.62-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-67.0.3396.62-161.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-67.0.3396.62-161.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-67.0.3396.62-161.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-67.0.3396.62-161.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-67.0.3396.62-161.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:38:37", "description": "This update for Chromium to version 67.0.3396.99 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1095163) :\n\n - CVE-2018-6123: Use after free in Blink\n\n - CVE-2018-6124: Type confusion in Blink\n\n - CVE-2018-6125: Overly permissive policy in WebUSB\n\n - CVE-2018-6126: Heap buffer overflow in Skia\n\n - CVE-2018-6127: Use after free in indexedDB\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n\n - CVE-2018-6133: URL spoof in Omnibox\n\n - CVE-2018-6134: Referrer Policy bypass in Blink\n\n - CVE-2018-6135: UI spoofing in Blink\n\n - CVE-2018-6136: Out of bounds memory access in V8\n\n - CVE-2018-6137: Leak of visited status of page in Blink\n\n - CVE-2018-6138: Overly permissive policy in Extensions\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6141: Heap buffer overflow in Skia\n\n - CVE-2018-6142: Out of bounds memory access in V8\n\n - CVE-2018-6143: Out of bounds memory access in V8\n\n - CVE-2018-6144: Out of bounds memory access in PDFium\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views\n\n - CVE-2018-6148: Incorrect handling of CSP header\n (boo#1096508)\n\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\nThe following tracked packaging changes are included :\n\n - Require ffmpeg >= 4.0 (boo#1095545)", "edition": 18, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-07-26T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2018-759)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2018-07-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2018-759.NASL", "href": "https://www.tenable.com/plugins/nessus/111345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-759.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111345);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\", \"CVE-2018-6149\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-759)\");\n script_summary(english:\"Check for the openSUSE-2018-759 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 67.0.3396.99 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1095163) :\n\n - CVE-2018-6123: Use after free in Blink\n\n - CVE-2018-6124: Type confusion in Blink\n\n - CVE-2018-6125: Overly permissive policy in WebUSB\n\n - CVE-2018-6126: Heap buffer overflow in Skia\n\n - CVE-2018-6127: Use after free in indexedDB\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n\n - CVE-2018-6133: URL spoof in Omnibox\n\n - CVE-2018-6134: Referrer Policy bypass in Blink\n\n - CVE-2018-6135: UI spoofing in Blink\n\n - CVE-2018-6136: Out of bounds memory access in V8\n\n - CVE-2018-6137: Leak of visited status of page in Blink\n\n - CVE-2018-6138: Overly permissive policy in Extensions\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6141: Heap buffer overflow in Skia\n\n - CVE-2018-6142: Out of bounds memory access in V8\n\n - CVE-2018-6143: Out of bounds memory access in V8\n\n - CVE-2018-6144: Out of bounds memory access in PDFium\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views\n\n - CVE-2018-6148: Incorrect handling of CSP header\n (boo#1096508)\n\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\nThe following tracked packaging changes are included :\n\n - Require ffmpeg >= 4.0 (boo#1095545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097452\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-67.0.3396.99-161.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-67.0.3396.99-161.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-67.0.3396.99-161.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-67.0.3396.99-161.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-67.0.3396.99-161.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:51:50", "description": "This update for Chromium to version 67.0.3396.99 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1095163) :\n\n - CVE-2018-6123: Use after free in Blink\n\n - CVE-2018-6124: Type confusion in Blink\n\n - CVE-2018-6125: Overly permissive policy in WebUSB\n\n - CVE-2018-6126: Heap buffer overflow in Skia\n\n - CVE-2018-6127: Use after free in indexedDB\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n\n - CVE-2018-6133: URL spoof in Omnibox\n\n - CVE-2018-6134: Referrer Policy bypass in Blink\n\n - CVE-2018-6135: UI spoofing in Blink\n\n - CVE-2018-6136: Out of bounds memory access in V8\n\n - CVE-2018-6137: Leak of visited status of page in Blink\n\n - CVE-2018-6138: Overly permissive policy in Extensions\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6141: Heap buffer overflow in Skia\n\n - CVE-2018-6142: Out of bounds memory access in V8\n\n - CVE-2018-6143: Out of bounds memory access in V8\n\n - CVE-2018-6144: Out of bounds memory access in PDFium\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views\n\n - CVE-2018-6148: Incorrect handling of CSP header\n (boo#1096508)\n\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\nThe following tracked packaging changes are included :\n\n - Require ffmpeg >= 4.0 (boo#1095545)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2019-548)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2019-548.NASL", "href": "https://www.tenable.com/plugins/nessus/123234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-548.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123234);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\", \"CVE-2018-6149\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2019-548)\");\n script_summary(english:\"Check for the openSUSE-2019-548 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for Chromium to version 67.0.3396.99 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1095163) :\n\n - CVE-2018-6123: Use after free in Blink\n\n - CVE-2018-6124: Type confusion in Blink\n\n - CVE-2018-6125: Overly permissive policy in WebUSB\n\n - CVE-2018-6126: Heap buffer overflow in Skia\n\n - CVE-2018-6127: Use after free in indexedDB\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n\n - CVE-2018-6131: Incorrect mutability protection in\n WebAssembly\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n\n - CVE-2018-6133: URL spoof in Omnibox\n\n - CVE-2018-6134: Referrer Policy bypass in Blink\n\n - CVE-2018-6135: UI spoofing in Blink\n\n - CVE-2018-6136: Out of bounds memory access in V8\n\n - CVE-2018-6137: Leak of visited status of page in Blink\n\n - CVE-2018-6138: Overly permissive policy in Extensions\n\n - CVE-2018-6139: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6140: Restrictions bypass in the debugger\n extension API\n\n - CVE-2018-6141: Heap buffer overflow in Skia\n\n - CVE-2018-6142: Out of bounds memory access in V8\n\n - CVE-2018-6143: Out of bounds memory access in V8\n\n - CVE-2018-6144: Out of bounds memory access in PDFium\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n\n - CVE-2018-6147: Password fields not taking advantage of\n OS protections in Views\n\n - CVE-2018-6148: Incorrect handling of CSP header\n (boo#1096508)\n\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\nThe following tracked packaging changes are included :\n\n - Require ffmpeg >= 4.0 (boo#1095545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097452\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6140\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-67.0.3396.99-lp150.2.3.3\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-67.0.3396.99-lp150.2.3.3\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-67.0.3396.99-lp150.2.3.3\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-67.0.3396.99-lp150.2.3.3\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:47:32", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-6118\n Ned Williamson discovered a use-after-free issue.\n\n - CVE-2018-6120\n Zhou Aiting discovered a buffer overflow issue in the\n pdfium library.\n\n - CVE-2018-6121\n It was discovered that malicious extensions could\n escalate privileges.\n\n - CVE-2018-6122\n A type confusion issue was discovered in the v8\n JavaScript library.\n\n - CVE-2018-6123\n Looben Yang discovered a use-after-free issue.\n\n - CVE-2018-6124\n Guang Gong discovered a type confusion issue.\n\n - CVE-2018-6125\n Yubico discovered that the WebUSB implementation was too\n permissive.\n\n - CVE-2018-6126\n Ivan Fratric discovered a buffer overflow issue in the\n skia library.\n\n - CVE-2018-6127\n Looben Yang discovered a use-after-free issue.\n\n - CVE-2018-6129\n Natalie Silvanovich discovered an out-of-bounds read\n issue in WebRTC.\n\n - CVE-2018-6130\n Natalie Silvanovich discovered an out-of-bounds read\n issue in WebRTC.\n\n - CVE-2018-6131\n Natalie Silvanovich discovered an error in WebAssembly.\n\n - CVE-2018-6132\n Ronald E. Crane discovered an uninitialized memory\n issue.\n\n - CVE-2018-6133\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-6134\n Jun Kokatsu discovered a way to bypass the Referrer\n Policy.\n\n - CVE-2018-6135\n Jasper Rebane discovered a user interface spoofing\n issue.\n\n - CVE-2018-6136\n Peter Wong discovered an out-of-bounds read issue in the\n v8 JavaScript library.\n\n - CVE-2018-6137\n Michael Smith discovered an information leak.\n\n - CVE-2018-6138\n Francois Lajeunesse-Robert discovered that the\n extensions policy was too permissive.\n\n - CVE-2018-6139\n Rob Wu discovered a way to bypass restrictions in the\n debugger extension.\n\n - CVE-2018-6140\n Rob Wu discovered a way to bypass restrictions in the\n debugger extension.\n\n - CVE-2018-6141\n Yangkang discovered a buffer overflow issue in the skia\n library.\n\n - CVE-2018-6142\n Choongwoo Han discovered an out-of-bounds read in the v8\n JavaScript library.\n\n - CVE-2018-6143\n Guang Gong discovered an out-of-bounds read in the v8\n JavaScript library.\n\n - CVE-2018-6144\n pdknsk discovered an out-of-bounds read in the pdfium\n library.\n\n - CVE-2018-6145\n Masato Kinugawa discovered an error in the MathML\n implementation.\n\n - CVE-2018-6147\n Michail Pishchagin discovered an error in password entry\n fields.\n\n - CVE-2018-6148\n Michal Bentkowski discovered that the Content Security\n Policy header was handled incorrectly.\n\n - CVE-2018-6149\n Yu Zhou and Jundong Xie discovered an out-of-bounds\n write issue in the v8 JavaScript library.", "edition": 25, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-07-02T00:00:00", "title": "Debian DSA-4237-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6120", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6118", "CVE-2018-6122", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6121", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4237.NASL", "href": "https://www.tenable.com/plugins/nessus/110820", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4237. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110820);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/07/15 14:20:30\");\n\n script_cve_id(\"CVE-2018-6118\", \"CVE-2018-6120\", \"CVE-2018-6121\", \"CVE-2018-6122\", \"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\", \"CVE-2018-6149\");\n script_xref(name:\"DSA\", value:\"4237\");\n\n script_name(english:\"Debian DSA-4237-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-6118\n Ned Williamson discovered a use-after-free issue.\n\n - CVE-2018-6120\n Zhou Aiting discovered a buffer overflow issue in the\n pdfium library.\n\n - CVE-2018-6121\n It was discovered that malicious extensions could\n escalate privileges.\n\n - CVE-2018-6122\n A type confusion issue was discovered in the v8\n JavaScript library.\n\n - CVE-2018-6123\n Looben Yang discovered a use-after-free issue.\n\n - CVE-2018-6124\n Guang Gong discovered a type confusion issue.\n\n - CVE-2018-6125\n Yubico discovered that the WebUSB implementation was too\n permissive.\n\n - CVE-2018-6126\n Ivan Fratric discovered a buffer overflow issue in the\n skia library.\n\n - CVE-2018-6127\n Looben Yang discovered a use-after-free issue.\n\n - CVE-2018-6129\n Natalie Silvanovich discovered an out-of-bounds read\n issue in WebRTC.\n\n - CVE-2018-6130\n Natalie Silvanovich discovered an out-of-bounds read\n issue in WebRTC.\n\n - CVE-2018-6131\n Natalie Silvanovich discovered an error in WebAssembly.\n\n - CVE-2018-6132\n Ronald E. Crane discovered an uninitialized memory\n issue.\n\n - CVE-2018-6133\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-6134\n Jun Kokatsu discovered a way to bypass the Referrer\n Policy.\n\n - CVE-2018-6135\n Jasper Rebane discovered a user interface spoofing\n issue.\n\n - CVE-2018-6136\n Peter Wong discovered an out-of-bounds read issue in the\n v8 JavaScript library.\n\n - CVE-2018-6137\n Michael Smith discovered an information leak.\n\n - CVE-2018-6138\n Francois Lajeunesse-Robert discovered that the\n extensions policy was too permissive.\n\n - CVE-2018-6139\n Rob Wu discovered a way to bypass restrictions in the\n debugger extension.\n\n - CVE-2018-6140\n Rob Wu discovered a way to bypass restrictions in the\n debugger extension.\n\n - CVE-2018-6141\n Yangkang discovered a buffer overflow issue in the skia\n library.\n\n - CVE-2018-6142\n Choongwoo Han discovered an out-of-bounds read in the v8\n JavaScript library.\n\n - CVE-2018-6143\n Guang Gong discovered an out-of-bounds read in the v8\n JavaScript library.\n\n - CVE-2018-6144\n pdknsk discovered an out-of-bounds read in the pdfium\n library.\n\n - CVE-2018-6145\n Masato Kinugawa discovered an error in the MathML\n implementation.\n\n - CVE-2018-6147\n Michail Pishchagin discovered an error in password entry\n fields.\n\n - CVE-2018-6148\n Michal Bentkowski discovered that the Content Security\n Policy header was handled incorrectly.\n\n - CVE-2018-6149\n Yu Zhou and Jundong Xie discovered an out-of-bounds\n write issue in the v8 JavaScript library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6149\"\n );\n # https://security-tracker.debian.org/tracker/source-package/chromium-browser\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e33901a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4237\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 67.0.3396.87-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"chromedriver\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-driver\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-l10n\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-shell\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-widevine\", reference:\"67.0.3396.87-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:43:51", "bulletinFamily": "info", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "### *Detect date*:\n05/29/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities possibly to execute arbitrary code, cause denial of service, perform cross-site scripting attacks, obtain sensitive information, spoof user interface, bypass security restrictions and perform unspecified attacks.\n\n### *Affected products*:\nGoogle Chrome earlier than 67.0.3396.62\n\n### *Solution*:\nUpdate to latest version. \n[Download Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2018-6123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6123>)0.0Unknown \n[CVE-2018-6124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6124>)0.0Unknown \n[CVE-2018-6125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6125>)0.0Unknown \n[CVE-2018-6126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126>)0.0Unknown \n[CVE-2018-6127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6127>)0.0Unknown \n[CVE-2018-6128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6128>)0.0Unknown \n[CVE-2018-6129](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6129>)0.0Unknown \n[CVE-2018-6130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6130>)0.0Unknown \n[CVE-2018-6131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6131>)0.0Unknown \n[CVE-2018-6132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6132>)0.0Unknown \n[CVE-2018-6133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6133>)0.0Unknown \n[CVE-2018-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6134>)0.0Unknown \n[CVE-2018-6135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6135>)0.0Unknown \n[CVE-2018-6136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6136>)0.0Unknown \n[CVE-2018-6137](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6137>)0.0Unknown \n[CVE-2018-6138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6138>)0.0Unknown \n[CVE-2018-6139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6139>)0.0Unknown \n[CVE-2018-6140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6140>)0.0Unknown \n[CVE-2018-6141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6141>)0.0Unknown \n[CVE-2018-6142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6142>)0.0Unknown \n[CVE-2018-6143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6143>)0.0Unknown \n[CVE-2018-6144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6144>)0.0Unknown \n[CVE-2018-6145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6145>)0.0Unknown \n[CVE-2018-6147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6147>)0.0Unknown\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 38, "modified": "2020-06-18T00:00:00", "published": "2018-05-29T00:00:00", "id": "KLA11257", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11257", "title": "\r KLA11257Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:41:00", "bulletinFamily": "info", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "### *Detect date*:\n06/14/2018\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack, spoof user interface, execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nOpera earlier than 54.0.2952.23\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 54](<https://blogs.opera.com/desktop/changelog-for-54/#b2952.23>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2018-6123](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6123>)0.0Unknown \n[CVE-2018-6124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6124>)0.0Unknown \n[CVE-2018-6125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6125>)0.0Unknown \n[CVE-2018-6126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6126>)0.0Unknown \n[CVE-2018-6127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6127>)0.0Unknown \n[CVE-2018-6128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6128>)0.0Unknown \n[CVE-2018-6129](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6129>)0.0Unknown \n[CVE-2018-6130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6130>)0.0Unknown \n[CVE-2018-6131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6131>)0.0Unknown \n[CVE-2018-6132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6132>)0.0Unknown \n[CVE-2018-6133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6133>)0.0Unknown \n[CVE-2018-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6134>)0.0Unknown \n[CVE-2018-6135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6135>)0.0Unknown \n[CVE-2018-6136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6136>)0.0Unknown \n[CVE-2018-6137](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6137>)0.0Unknown \n[CVE-2018-6138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6138>)0.0Unknown \n[CVE-2018-6139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6139>)0.0Unknown \n[CVE-2018-6140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6140>)0.0Unknown \n[CVE-2018-6141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6141>)0.0Unknown \n[CVE-2018-6142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6142>)0.0Unknown \n[CVE-2018-6143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6143>)0.0Unknown \n[CVE-2018-6144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6144>)0.0Unknown \n[CVE-2018-6145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6145>)0.0Unknown \n[CVE-2018-6147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6147>)0.0Unknown", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2018-06-14T00:00:00", "id": "KLA11732", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11732", "title": "\r KLA11732Multiple vulnerabilities in Opera ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-06-01T04:36:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "This update for chromium to version 66.0.3359.181 fixes the following\n issues:\n\n The following security issues were fixed (boo#1095163):\n\n * CVE-2018-6123: Use after free in Blink.\n * CVE-2018-6124: Type confusion in Blink.\n * CVE-2018-6125: Overly permissive policy in WebUSB.\n * CVE-2018-6126: Heap buffer overflow in Skia.\n * CVE-2018-6127: Use after free in indexedDB.\n * CVE-2018-6128: uXSS in Chrome on iOS.\n * CVE-2018-6129: Out of bounds memory access in WebRTC.\n * CVE-2018-6130: Out of bounds memory access in WebRTC.\n * CVE-2018-6131: Incorrect mutability protection in WebAssembly.\n * CVE-2018-6132: Use of uninitialized memory in WebRTC.\n * CVE-2018-6133: URL spoof in Omnibox.\n * CVE-2018-6134: Referrer Policy bypass in Blink.\n * CVE-2018-6135: UI spoofing in Blink.\n * CVE-2018-6136: Out of bounds memory access in V8.\n * CVE-2018-6137: Leak of visited status of page in Blink.\n * CVE-2018-6138: Overly permissive policy in Extensions.\n * CVE-2018-6139: Restrictions bypass in the debugger extension API.\n * CVE-2018-6140: Restrictions bypass in the debugger extension API.\n * CVE-2018-6141: Heap buffer overflow in Skia.\n * CVE-2018-6142: Out of bounds memory access in V8.\n * CVE-2018-6143: Out of bounds memory access in V8.\n * CVE-2018-6144: Out of bounds memory access in PDFium.\n * CVE-2018-6145: Incorrect escaping of MathML in Blink.\n * CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views.\n\n Additional changes:\n\n * Autoplay: Force enable on desktop for Web Audio\n\n This update enables the "Strict site isolation" feature for a larger\n percentage of users. This feature is a mitigation against the Spectre\n vulnerabilities. It can be turned on via:\n chrome://flags/#enable-site-per-process It can be disabled via:\n chrome://flags/#site-isolation-trial-opt-out\n\n", "edition": 1, "modified": "2018-06-01T03:07:21", "published": "2018-06-01T03:07:21", "id": "OPENSUSE-SU-2018:1485-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00001.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-06-01T04:36:29", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "This update for chromium to version 66.0.3359.181 fixes the following\n issues:\n\n The following security issues were fixed (boo#1095163):\n\n * CVE-2018-6123: Use after free in Blink.\n * CVE-2018-6124: Type confusion in Blink.\n * CVE-2018-6125: Overly permissive policy in WebUSB.\n * CVE-2018-6126: Heap buffer overflow in Skia.\n * CVE-2018-6127: Use after free in indexedDB.\n * CVE-2018-6128: uXSS in Chrome on iOS.\n * CVE-2018-6129: Out of bounds memory access in WebRTC.\n * CVE-2018-6130: Out of bounds memory access in WebRTC.\n * CVE-2018-6131: Incorrect mutability protection in WebAssembly.\n * CVE-2018-6132: Use of uninitialized memory in WebRTC.\n * CVE-2018-6133: URL spoof in Omnibox.\n * CVE-2018-6134: Referrer Policy bypass in Blink.\n * CVE-2018-6135: UI spoofing in Blink.\n * CVE-2018-6136: Out of bounds memory access in V8.\n * CVE-2018-6137: Leak of visited status of page in Blink.\n * CVE-2018-6138: Overly permissive policy in Extensions.\n * CVE-2018-6139: Restrictions bypass in the debugger extension API.\n * CVE-2018-6140: Restrictions bypass in the debugger extension API.\n * CVE-2018-6141: Heap buffer overflow in Skia.\n * CVE-2018-6142: Out of bounds memory access in V8.\n * CVE-2018-6143: Out of bounds memory access in V8.\n * CVE-2018-6144: Out of bounds memory access in PDFium.\n * CVE-2018-6145: Incorrect escaping of MathML in Blink.\n * CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views.\n\n Additional changes:\n\n * Autoplay: Force enable on desktop for Web Audio\n\n This update enables the "Strict site isolation" feature for a larger\n percentage of users. This feature is a mitigation against the Spectre\n vulnerabilities. It can be turned on via:\n chrome://flags/#enable-site-per-process It can be disabled via:\n chrome://flags/#site-isolation-trial-opt-out\n\n", "edition": 1, "modified": "2018-06-01T03:06:56", "published": "2018-06-01T03:06:56", "id": "OPENSUSE-SU-2018:1484-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00000.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T17:46:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "This update for Chromium to version 67.0.3396.99 fixes multiple issues.\n\n Security issues fixed (bsc#1095163):\n\n - CVE-2018-6123: Use after free in Blink\n - CVE-2018-6124: Type confusion in Blink\n - CVE-2018-6125: Overly permissive policy in WebUSB\n - CVE-2018-6126: Heap buffer overflow in Skia\n - CVE-2018-6127: Use after free in indexedDB\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n - CVE-2018-6131: Incorrect mutability protection in WebAssembly\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n - CVE-2018-6133: URL spoof in Omnibox\n - CVE-2018-6134: Referrer Policy bypass in Blink\n - CVE-2018-6135: UI spoofing in Blink\n - CVE-2018-6136: Out of bounds memory access in V8\n - CVE-2018-6137: Leak of visited status of page in Blink\n - CVE-2018-6138: Overly permissive policy in Extensions\n - CVE-2018-6139: Restrictions bypass in the debugger extension API\n - CVE-2018-6140: Restrictions bypass in the debugger extension API\n - CVE-2018-6141: Heap buffer overflow in Skia\n - CVE-2018-6142: Out of bounds memory access in V8\n - CVE-2018-6143: Out of bounds memory access in V8\n - CVE-2018-6144: Out of bounds memory access in PDFium\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n - CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views\n - CVE-2018-6148: Incorrect handling of CSP header (boo#1096508)\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\n The following tracked packaging changes are included:\n\n - Require ffmpeg >= 4.0 (boo#1095545)\n\n", "edition": 1, "modified": "2018-07-25T15:09:58", "published": "2018-07-25T15:09:58", "id": "OPENSUSE-SU-2018:2055-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00032.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T17:46:30", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "This update for Chromium to version 67.0.3396.99 fixes multiple issues.\n\n Security issues fixed (bsc#1095163):\n\n - CVE-2018-6123: Use after free in Blink\n - CVE-2018-6124: Type confusion in Blink\n - CVE-2018-6125: Overly permissive policy in WebUSB\n - CVE-2018-6126: Heap buffer overflow in Skia\n - CVE-2018-6127: Use after free in indexedDB\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n - CVE-2018-6131: Incorrect mutability protection in WebAssembly\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n - CVE-2018-6133: URL spoof in Omnibox\n - CVE-2018-6134: Referrer Policy bypass in Blink\n - CVE-2018-6135: UI spoofing in Blink\n - CVE-2018-6136: Out of bounds memory access in V8\n - CVE-2018-6137: Leak of visited status of page in Blink\n - CVE-2018-6138: Overly permissive policy in Extensions\n - CVE-2018-6139: Restrictions bypass in the debugger extension API\n - CVE-2018-6140: Restrictions bypass in the debugger extension API\n - CVE-2018-6141: Heap buffer overflow in Skia\n - CVE-2018-6142: Out of bounds memory access in V8\n - CVE-2018-6143: Out of bounds memory access in V8\n - CVE-2018-6144: Out of bounds memory access in PDFium\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n - CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views\n - CVE-2018-6148: Incorrect handling of CSP header (boo#1096508)\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\n The following tracked packaging changes are included:\n\n - Require ffmpeg >= 4.0 (boo#1095545)\n\n", "edition": 1, "modified": "2018-07-25T15:08:23", "published": "2018-07-25T15:08:23", "id": "OPENSUSE-SU-2018:2054-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00031.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "\nGoogle Chrome Releases reports:\n\n34 security fixes in this release, including:\n\n[835639] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22\n[840320] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07\n[818592] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05\n[844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18\n[842990] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15\n[841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09\n[838672] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01\n[838402] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30\n[826434] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27\n[839960] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04\n[817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28\n[797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23\n[823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19\n[831943] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12\n[835589] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21\n[810220] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by Francois Lajeunesse-Robert on 2018-02-08\n[805224] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24\n[798222] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01\n[796107] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) and Wanglu of Qihoo360 Qex Team on 2017-12-19\n[837939] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28\n[843022] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15\n[828049] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02\n[805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25\n[818133] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02\n[847542] Various fixes from internal audits, fuzzing and other initiatives\n\n\n", "edition": 4, "modified": "2018-05-29T00:00:00", "published": "2018-05-29T00:00:00", "id": "427B0F58-644C-11E8-9E1B-E8E0B747A45A", "href": "https://vuxml.freebsd.org/freebsd/427b0f58-644c-11e8-9e1b-e8e0b747a45a.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6123", "CVE-2018-6124", "CVE-2018-6125", "CVE-2018-6126", "CVE-2018-6127", "CVE-2018-6128", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6131", "CVE-2018-6132", "CVE-2018-6133", "CVE-2018-6134", "CVE-2018-6135", "CVE-2018-6136", "CVE-2018-6137", "CVE-2018-6138", "CVE-2018-6139", "CVE-2018-6140", "CVE-2018-6141", "CVE-2018-6142", "CVE-2018-6143", "CVE-2018-6144", "CVE-2018-6145", "CVE-2018-6147", "CVE-2018-6148"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2018-06-20T13:55:31", "published": "2018-06-20T13:55:31", "id": "FEDORA:8B0F360FAFF0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: chromium-67.0.3396.79-1.fc27", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6123", "CVE-2018-6124", "CVE-2018-6125", "CVE-2018-6126", "CVE-2018-6127", "CVE-2018-6128", "CVE-2018-6129", "CVE-2018-6130", "CVE-2018-6131", "CVE-2018-6132", "CVE-2018-6133", "CVE-2018-6134", "CVE-2018-6135", "CVE-2018-6136", "CVE-2018-6137", "CVE-2018-6138", "CVE-2018-6139", "CVE-2018-6140", "CVE-2018-6141", "CVE-2018-6142", "CVE-2018-6143", "CVE-2018-6144", "CVE-2018-6145", "CVE-2018-6147", "CVE-2018-6148"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2018-06-14T19:18:25", "published": "2018-06-14T19:18:25", "id": "FEDORA:0DA04613FFAC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: chromium-67.0.3396.79-1.fc28", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:32:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-05-30T00:00:00", "id": "OPENVAS:1361412562310813504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813504", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Mac OS X", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Mac OS X\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813504\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\",\n \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\",\n \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 11:46:46 +0530 (Wed, 30 May 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An use after free in Blink.\n\n - Type confusion in Blink.\n\n - Overly permissive policy in WebUSB.\n\n - Heap buffer overflow in Skia.\n\n - Use after free in indexedDB.\n\n - uXSS in Chrome on iOS.\n\n - Out of bounds memory access in WebRTC, V8 and PDFium.\n\n - Incorrect mutability protection in WebAssembly.\n\n - Use of uninitialized memory in WebRTC.\n\n - URL spoof in Omnibox.\n\n - Referrer Policy bypass in Blink.\n\n - UI spoofing in Blink.\n\n - Leak of visited status of page in Blink.\n\n - Overly permissive policy in Extensions.\n\n - Restrictions bypass in the debugger extension API.\n\n - Incorrect escaping of MathML in Blink.\n\n - Password fields not taking advantage of OS protections in Views.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation can potentially\n result in the execution of arbitrary code or even enable full remote code\n execution capabilities and some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 67.0.3396.62\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 67.0.3396.62 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\");\n script_xref(name:\"URL\", value:\"https://www.google.co.in/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"67.0.3396.62\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"67.0.3396.62\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-05-30T00:00:00", "id": "OPENVAS:1361412562310813503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813503", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Linux", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Linux\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813503\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\",\n \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\",\n \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 11:46:15 +0530 (Wed, 30 May 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An use after free in Blink.\n\n - Type confusion in Blink.\n\n - Overly permissive policy in WebUSB.\n\n - Heap buffer overflow in Skia.\n\n - Use after free in indexedDB.\n\n - uXSS in Chrome on iOS.\n\n - Out of bounds memory access in WebRTC, V8 and PDFium.\n\n - Incorrect mutability protection in WebAssembly.\n\n - Use of uninitialized memory in WebRTC.\n\n - URL spoof in Omnibox.\n\n - Referrer Policy bypass in Blink.\n\n - UI spoofing in Blink.\n\n - Leak of visited status of page in Blink.\n\n - Overly permissive policy in Extensions.\n\n - Restrictions bypass in the debugger extension API.\n\n - Incorrect escaping of MathML in Blink.\n\n - Password fields not taking advantage of OS protections in Views.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation can potentially\n result in the execution of arbitrary code or even enable full remote code\n execution capabilities and some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 67.0.3396.62\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 67.0.3396.62 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\");\n script_xref(name:\"URL\", value:\"https://www.google.co.in/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"67.0.3396.62\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"67.0.3396.62\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-15T00:00:00", "id": "OPENVAS:1361412562310874678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874678", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2018-7c80aaef26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7c80aaef26_chromium_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for chromium FEDORA-2018-7c80aaef26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874678\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-15 05:59:24 +0200 (Fri, 15 Jun 2018)\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6148\",\n \"CVE-2018-6147\", \"CVE-2018-6145\", \"CVE-2018-6144\", \"CVE-2018-6143\",\n \"CVE-2018-6142\", \"CVE-2018-6141\", \"CVE-2018-6140\", \"CVE-2018-6139\",\n \"CVE-2018-6138\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2018-7c80aaef26\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7c80aaef26\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDQLVQB572536ED7VKYFV62WTSNYGL75\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~67.0.3396.79~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-21T00:00:00", "id": "OPENVAS:1361412562310874714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874714", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2018-09b59b0227", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_09b59b0227_chromium_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for chromium FEDORA-2018-09b59b0227\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874714\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-21 06:19:31 +0200 (Thu, 21 Jun 2018)\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\", \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6148\", \"CVE-2018-6147\", \"CVE-2018-6145\", \"CVE-2018-6144\", \"CVE-2018-6143\", \"CVE-2018-6142\", \"CVE-2018-6141\", \"CVE-2018-6140\", \"CVE-2018-6139\", \"CVE-2018-6138\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2018-09b59b0227\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-09b59b0227\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIVPSE5MN6YAGKYNI4VQQ5QIKJ4ZMYZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~67.0.3396.79~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2018-05-30T00:00:00", "id": "OPENVAS:1361412562310813505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813505", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Windows", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Windows\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813505\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\",\n \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\",\n \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 10:55:29 +0530 (Wed, 30 May 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_29-2018-05)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An use after free in Blink.\n\n - Type confusion in Blink.\n\n - Overly permissive policy in WebUSB.\n\n - Heap buffer overflow in Skia.\n\n - Use after free in indexedDB.\n\n - uXSS in Chrome on iOS.\n\n - Out of bounds memory access in WebRTC, V8 and PDFium.\n\n - Incorrect mutability protection in WebAssembly.\n\n - Use of uninitialized memory in WebRTC.\n\n - URL spoof in Omnibox.\n\n - Referrer Policy bypass in Blink.\n\n - UI spoofing in Blink.\n\n - Leak of visited status of page in Blink.\n\n - Overly permissive policy in Extensions.\n\n - Restrictions bypass in the debugger extension API.\n\n - Incorrect escaping of MathML in Blink.\n\n - Password fields not taking advantage of OS protections in Views.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation can potentially\n result in the execution of arbitrary code or even enable full remote code\n execution capabilities and some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 67.0.3396.62\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 67.0.3396.62 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html\");\n script_xref(name:\"URL\", value:\"https://www.google.co.in/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"67.0.3396.62\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"67.0.3396.62\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:44:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6135", "CVE-2018-6143"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-06-05T00:00:00", "id": "OPENVAS:1361412562310851772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851772", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2018:1484-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851772\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-05 14:03:22 +0530 (Tue, 05 Jun 2018)\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\",\n \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\",\n \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2018:1484-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for chromium to version 66.0.3359.181 fixes the following\n issues:\n\n The following security issues were fixed (boo#1095163):\n\n * CVE-2018-6123: Use after free in Blink.\n\n * CVE-2018-6124: Type confusion in Blink.\n\n * CVE-2018-6125: Overly permissive policy in WebUSB.\n\n * CVE-2018-6126: Heap buffer overflow in Skia.\n\n * CVE-2018-6127: Use after free in indexedDB.\n\n * CVE-2018-6128: uXSS in Chrome on iOS.\n\n * CVE-2018-6129: Out of bounds memory access in WebRTC.\n\n * CVE-2018-6130: Out of bounds memory access in WebRTC.\n\n * CVE-2018-6131: Incorrect mutability protection in WebAssembly.\n\n * CVE-2018-6132: Use of uninitialized memory in WebRTC.\n\n * CVE-2018-6133: URL spoof in Omnibox.\n\n * CVE-2018-6134: Referrer Policy bypass in Blink.\n\n * CVE-2018-6135: UI spoofing in Blink.\n\n * CVE-2018-6136: Out of bounds memory access in V8.\n\n * CVE-2018-6137: Leak of visited status of page in Blink.\n\n * CVE-2018-6138: Overly permissive policy in Extensions.\n\n * CVE-2018-6139: Restrictions bypass in the debugger extension API.\n\n * CVE-2018-6140: Restrictions bypass in the debugger extension API.\n\n * CVE-2018-6141: Heap buffer overflow in Skia.\n\n * CVE-2018-6142: Out of bounds memory access in V8.\n\n * CVE-2018-6143: Out of bounds memory access in V8.\n\n * CVE-2018-6144: Out of bounds memory access in PDFium.\n\n * CVE-2018-6145: Incorrect escaping of MathML in Blink.\n\n * CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views.\n\n Additional changes:\n\n * Autoplay: Force enable on desktop for Web Audio\n\n This update enables the 'Strict site isolation' feature for a larger\n percentage of users. This feature is a mitigation against the Spectre\n vulnerabilities. It can be turned on via:\n chrome://flags/#enable-site-per-process It can be disabled via:\n chrome://flags/#site-isolation-trial-opt-out\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-546=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-546=1\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1484-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00000.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~67.0.3396.62~161.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~67.0.3396.62~161.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~67.0.3396.62~161.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~67.0.3396.62~161.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~67.0.3396.62~161.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T16:43:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6128", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-07-26T00:00:00", "id": "OPENVAS:1361412562310851821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851821", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:2055-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851821\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-26 06:00:59 +0200 (Thu, 26 Jul 2018)\");\n script_cve_id(\"CVE-2018-6123\", \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\",\n \"CVE-2018-6127\", \"CVE-2018-6128\", \"CVE-2018-6129\", \"CVE-2018-6130\",\n \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\",\n \"CVE-2018-6139\", \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\",\n \"CVE-2018-6143\", \"CVE-2018-6144\", \"CVE-2018-6145\", \"CVE-2018-6147\",\n \"CVE-2018-6148\", \"CVE-2018-6149\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:2055-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to version 67.0.3396.99 fixes multiple issues.\n\n Security issues fixed (bsc#1095163):\n\n - CVE-2018-6123: Use after free in Blink\n\n - CVE-2018-6124: Type confusion in Blink\n\n - CVE-2018-6125: Overly permissive policy in WebUSB\n\n - CVE-2018-6126: Heap buffer overflow in Skia\n\n - CVE-2018-6127: Use after free in indexedDB\n\n - CVE-2018-6129: Out of bounds memory access in WebRTC\n\n - CVE-2018-6130: Out of bounds memory access in WebRTC\n\n - CVE-2018-6131: Incorrect mutability protection in WebAssembly\n\n - CVE-2018-6132: Use of uninitialized memory in WebRTC\n\n - CVE-2018-6133: URL spoof in Omnibox\n\n - CVE-2018-6134: Referrer Policy bypass in Blink\n\n - CVE-2018-6135: UI spoofing in Blink\n\n - CVE-2018-6136: Out of bounds memory access in V8\n\n - CVE-2018-6137: Leak of visited status of page in Blink\n\n - CVE-2018-6138: Overly permissive policy in Extensions\n\n - CVE-2018-6139: Restrictions bypass in the debugger extension API\n\n - CVE-2018-6140: Restrictions bypass in the debugger extension API\n\n - CVE-2018-6141: Heap buffer overflow in Skia\n\n - CVE-2018-6142: Out of bounds memory access in V8\n\n - CVE-2018-6143: Out of bounds memory access in V8\n\n - CVE-2018-6144: Out of bounds memory access in PDFium\n\n - CVE-2018-6145: Incorrect escaping of MathML in Blink\n\n - CVE-2018-6147: Password fields not taking advantage of OS protections in\n Views\n\n - CVE-2018-6148: Incorrect handling of CSP header (boo#1096508)\n\n - CVE-2018-6149: Out of bounds write in V8 (boo#1097452)\n\n The following tracked packaging changes are included:\n\n - Require ffmpeg = 4.0 (boo#1095545)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-759=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-759=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2055-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-07/msg00032.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~67.0.3396.99~161.4\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~67.0.3396.99~161.4\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~67.0.3396.99~161.4\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~67.0.3396.99~161.4\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~67.0.3396.99~161.4\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:55:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6120", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6118", "CVE-2018-6122", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6121", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-6118\nNed Williamson discovered a use-after-free issue.\n\nCVE-2018-6120\nZhou Aiting discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-6121\nIt was discovered that malicious extensions could escalate privileges.\n\nCVE-2018-6122\nA type confusion issue was discovered in the v8 javascript library.\n\nCVE-2018-6123\nLooben Yang discovered a use-after-free issue.\n\nCVE-2018-6124\nGuang Gong discovered a type confusion issue.\n\nCVE-2018-6125\nYubico discovered that the WebUSB implementation was too permissive.\n\nCVE-2018-6126\nIvan Fratric discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6127\nLooben Yang discovered a use-after-free issue.\n\nCVE-2018-6129\nNatalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6130\nNatalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6131\nNatalie Silvanovich discovered an error in WebAssembly.\n\nCVE-2018-6132\nRonald E. Crane discovered an uninitialized memory issue.\n\nCVE-2018-6133\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-6134\nJun Kokatsu discovered a way to bypass the Referrer Policy.\n\nCVE-2018-6135\nJasper Rebane discovered a user interface spoofing issue.\n\nCVE-2018-6136\nPeter Wong discovered an out-of-bounds read issue in the v8 javascript\nlibrary.\n\nCVE-2018-6137\nMichael Smith discovered an information leak.\n\nCVE-2018-6138\nFran\u00e7ois Lajeunesse-Robert discovered that the extensions policy was\ntoo permissive.\n\nCVE-2018-6139\nRob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6140\nRob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6141\nYangkang discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6142\nChoongwoo Han discovered an out-of-bounds read in the v8 javascript\nlibrary.\n\nCVE-2018-6143\nGuang Gong discovered an out-of-bounds read in the v8 javascript library.\n\nCVE-2018-6144\npdknsk discovered an out-of-bounds read in the pdfium library.\n\nCVE-2018-6145\nMasato Kinugawa discovered an error in the MathML implementation.\n\nCVE-2018-6147\nMichail Pishchagin discovered an error in password entry fields.\n\nCVE-2018-6148\nMicha? Bentkowski discovered that the Content Security Policy header\nwas handled incorrectly.\n\nCVE-2018-6149\nYu Zhou and Jundong Xie discovered an out-of-bounds write issue in the\nv8 javascript library.", "modified": "2019-07-04T00:00:00", "published": "2018-06-30T00:00:00", "id": "OPENVAS:1361412562310704237", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704237", "type": "openvas", "title": "Debian Security Advisory DSA 4237-1 (chromium-browser - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4237-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704237\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-6118\", \"CVE-2018-6120\", \"CVE-2018-6121\", \"CVE-2018-6122\", \"CVE-2018-6123\",\n \"CVE-2018-6124\", \"CVE-2018-6125\", \"CVE-2018-6126\", \"CVE-2018-6127\", \"CVE-2018-6129\",\n \"CVE-2018-6130\", \"CVE-2018-6131\", \"CVE-2018-6132\", \"CVE-2018-6133\", \"CVE-2018-6134\",\n \"CVE-2018-6135\", \"CVE-2018-6136\", \"CVE-2018-6137\", \"CVE-2018-6138\", \"CVE-2018-6139\",\n \"CVE-2018-6140\", \"CVE-2018-6141\", \"CVE-2018-6142\", \"CVE-2018-6143\", \"CVE-2018-6144\",\n \"CVE-2018-6145\", \"CVE-2018-6147\", \"CVE-2018-6148\", \"CVE-2018-6149\");\n script_name(\"Debian Security Advisory DSA 4237-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-30 00:00:00 +0200 (Sat, 30 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4237.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 67.0.3396.87-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/chromium-browser\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-6118\nNed Williamson discovered a use-after-free issue.\n\nCVE-2018-6120\nZhou Aiting discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-6121\nIt was discovered that malicious extensions could escalate privileges.\n\nCVE-2018-6122\nA type confusion issue was discovered in the v8 javascript library.\n\nCVE-2018-6123\nLooben Yang discovered a use-after-free issue.\n\nCVE-2018-6124\nGuang Gong discovered a type confusion issue.\n\nCVE-2018-6125\nYubico discovered that the WebUSB implementation was too permissive.\n\nCVE-2018-6126\nIvan Fratric discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6127\nLooben Yang discovered a use-after-free issue.\n\nCVE-2018-6129\nNatalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6130\nNatalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6131\nNatalie Silvanovich discovered an error in WebAssembly.\n\nCVE-2018-6132\nRonald E. Crane discovered an uninitialized memory issue.\n\nCVE-2018-6133\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-6134\nJun Kokatsu discovered a way to bypass the Referrer Policy.\n\nCVE-2018-6135\nJasper Rebane discovered a user interface spoofing issue.\n\nCVE-2018-6136\nPeter Wong discovered an out-of-bounds read issue in the v8 javascript\nlibrary.\n\nCVE-2018-6137\nMichael Smith discovered an information leak.\n\nCVE-2018-6138\nFran\u00e7ois Lajeunesse-Robert discovered that the extensions policy was\ntoo permissive.\n\nCVE-2018-6139\nRob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6140\nRob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6141\nYangkang discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6142\nChoongwoo Han discovered an out-of-bounds read in the v8 javascript\nlibrary.\n\nCVE-2018-6143\nGuang Gong discovered an out-of-bounds read in the v8 javascript library.\n\nCVE-2018-6144\npdknsk discovered an out-of-bounds read in the pdfium library.\n\nCVE-2018-6145\nMasato Kinugawa discovered an error in the MathML implementation.\n\nCVE-2018-6147\nMichail Pishchagin discovered an error in password entry fields.\n\nCVE-2018-6148\nMicha? Bentkowski discovered that the Content Security Policy header\nwas handled incorrectly.\n\nCVE-2018-6149\nYu Zhou and Jundong Xie discovered an out-of-bounds write issue in the\nv8 javascript library.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromedriver\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-widevine\", ver:\"67.0.3396.87-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6130", "CVE-2018-6138", "CVE-2018-6125", "CVE-2018-6129", "CVE-2018-6120", "CVE-2018-6139", "CVE-2018-6144", "CVE-2018-6134", "CVE-2018-6131", "CVE-2018-6124", "CVE-2018-6142", "CVE-2018-6136", "CVE-2018-6133", "CVE-2018-6118", "CVE-2018-6122", "CVE-2018-6141", "CVE-2018-6140", "CVE-2018-6137", "CVE-2018-6127", "CVE-2018-6147", "CVE-2018-6123", "CVE-2018-6145", "CVE-2018-6121", "CVE-2018-6132", "CVE-2018-6126", "CVE-2018-6149", "CVE-2018-6148", "CVE-2018-6135", "CVE-2018-6143"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4237-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJune 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2018-6118 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122\n CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126\n CVE-2018-6127 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131\n CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135\n CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139\n CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143\n CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148\n CVE-2018-6149\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-6118\n\n Ned Williamson discovered a use-after-free issue.\n\nCVE-2018-6120\n\n Zhou Aiting discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-6121\n\n It was discovered that malicious extensions could escalate privileges.\n\nCVE-2018-6122\n\n A type confusion issue was discovered in the v8 javascript library.\n\nCVE-2018-6123\n\n Looben Yang discovered a use-after-free issue.\n\nCVE-2018-6124\n\n Guang Gong discovered a type confusion issue.\n\nCVE-2018-6125\n\n Yubico discovered that the WebUSB implementation was too permissive.\n\nCVE-2018-6126\n\n Ivan Fratric discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6127\n\n Looben Yang discovered a use-after-free issue.\n\nCVE-2018-6129\n\n Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6130\n\n Natalie Silvanovich discovered an out-of-bounds read issue in WebRTC.\n\nCVE-2018-6131\n\n Natalie Silvanovich discovered an error in WebAssembly.\n\nCVE-2018-6132\n\n Ronald E. Crane discovered an uninitialized memory issue.\n\nCVE-2018-6133\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-6134\n\n Jun Kokatsu discovered a way to bypass the Referrer Policy.\n\nCVE-2018-6135\n\n Jasper Rebane discovered a user interface spoofing issue.\n\nCVE-2018-6136\n\n Peter Wong discovered an out-of-bounds read issue in the v8 javascript\n library.\n\nCVE-2018-6137\n\n Michael Smith discovered an information leak.\n\nCVE-2018-6138\n\n Fran\u00e7ois Lajeunesse-Robert discovered that the extensions policy was\n too permissive.\n\nCVE-2018-6139\n\n Rob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6140\n\n Rob Wu discovered a way to bypass restrictions in the debugger extension.\n\nCVE-2018-6141\n\n Yangkang discovered a buffer overflow issue in the skia library.\n\nCVE-2018-6142\n\n Choongwoo Han discovered an out-of-bounds read in the v8 javascript\n library.\n\nCVE-2018-6143\n\n Guang Gong discovered an out-of-bounds read in the v8 javascript library.\n\nCVE-2018-6144\n\n pdknsk discovered an out-of-bounds read in the pdfium library.\n\nCVE-2018-6145\n\n Masato Kinugawa discovered an error in the MathML implementation.\n\nCVE-2018-6147\n\n Michail Pishchagin discovered an error in password entry fields.\n\nCVE-2018-6148\n\n Micha\u0142 Bentkowski discovered that the Content Security Policy header\n was handled incorrectly.\n\nCVE-2018-6149\n\n Yu Zhou and Jundong Xie discovered an out-of-bounds write issue in the\n v8 javascript library.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 67.0.3396.87-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFor the detailed security status of chromium-browser please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium-browser\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 5, "modified": "2018-07-01T01:01:06", "published": "2018-07-01T01:01:06", "id": "DEBIAN:DSA-4237-1:5AD61", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00166.html", "title": "[SECURITY] [DSA 4237-1] chromium-browser security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
