Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3637-1:68841
HistoryJul 31, 2016 - 9:08 p.m.

[SECURITY] [DSA 3637-1] chromium-browser security update

2016-07-3121:08:37
lists.debian.org
19

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON

Debian Security Advisory DSA-3637-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
July 31, 2016 https://www.debian.org/security/faq

Package : chromium-browser
CVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707
CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711
CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130
CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134
CVE-2016-5135 CVE-2016-5136 CVE-2016-5137

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1704

The chrome development team found and fixed various issues during
internal auditing.

CVE-2016-1705

The chrome development team found and fixed various issues during
internal auditing.

CVE-2016-1706

Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.

CVE-2016-1707

xisigr discovered a URL spoofing issue.

CVE-2016-1708

Adam Varsan discovered a use-after-free issue.

CVE-2016-1709

ChenQin a buffer overflow issue in the sfntly library.

CVE-2016-1710

Mariusz Mlynski discovered a same-origin bypass.

CVE-2016-1711

Mariusz Mlynski discovered another same-origin bypass.

CVE-2016-5127

cloudfuzzer discovered a use-after-free issue.

CVE-2016-5128

A same-origin bypass issue was discovered in the v8 javascript library.

CVE-2016-5129

Jeonghoon Shin discovered a memory corruption issue in the v8 javascript
library.

CVE-2016-5130

Widih Matar discovered a URL spoofing issue.

CVE-2016-5131

Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.

CVE-2016-5132

Ben Kelly discovered a same-origin bypass.

CVE-2016-5133

Patch Eudor discovered an issue in proxy authentication.

CVE-2016-5134

Paul Stone discovered an information leak in the Proxy Auto-Config
feature.

CVE-2016-5135

ShenYeYinJiu discovered a way to bypass the Content Security Policy.

CVE-2016-5136

Rob Wu discovered a use-after-free issue.

CVE-2016-5137

Xiaoyin Liu discovered a way to discover whether an HSTS web side had been
visited.

For the stable distribution (jessie), these problems have been fixed in
version 52.0.2743.82-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems
have been fixed in version 52.0.2743.82-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8allchromium-inspector< 52.0.2743.82-1~deb8u1chromium-inspector_52.0.2743.82-1~deb8u1_all.deb
Debian8allchromium-browser< 52.0.2743.82-1~deb8u1chromium-browser_52.0.2743.82-1~deb8u1_all.deb
Debian8i386chromium-dbg< 52.0.2743.82-1~deb8u1chromium-dbg_52.0.2743.82-1~deb8u1_i386.deb
Debian8amd64chromedriver< 52.0.2743.82-1~deb8u1chromedriver_52.0.2743.82-1~deb8u1_amd64.deb
Debian8allchromium-l10n< 52.0.2743.82-1~deb8u1chromium-l10n_52.0.2743.82-1~deb8u1_all.deb
Debian8i386chromedriver< 52.0.2743.82-1~deb8u1chromedriver_52.0.2743.82-1~deb8u1_i386.deb
Debian8amd64chromium< 52.0.2743.82-1~deb8u1chromium_52.0.2743.82-1~deb8u1_amd64.deb
Debian8amd64chromium-dbg< 52.0.2743.82-1~deb8u1chromium-dbg_52.0.2743.82-1~deb8u1_amd64.deb
Debian8i386chromium< 52.0.2743.82-1~deb8u1chromium_52.0.2743.82-1~deb8u1_i386.deb

Related

openvas 21
osv 3
nessus 32
suse 7
chrome 2
debian 4
threatpost 1
redhat 3
kaspersky 2
archlinux 3
freebsd 2
ubuntu 3
mageia 2
redhatcve 18
ubuntucve 19
debiancve 19
prion 19
cve 19
seebug 2
veracode 2
alpinelinux 2
cert 1
ibm 7
rubygems 1
gentoo 1
cloudfoundry 1
fedora 2
centos 1
openvas
openvas
Debian Security Advisory DSA 3637-1 (chromium-browser - security update)
2016-08-04 00:00:00
Debian Security Advisory DSA 3637-1 (chromium-browser - security update)
2016-08-04 00:00:00
Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X
2016-07-22 00:00:00
osv
osv
chromium-browser - security update
2016-07-31 00:00:00
CVE-2016-5129
2016-07-23 19:59:00
libxml2 - security update
2016-10-31 00:00:00
nessus
nessus
Debian DSA-3637-1 : chromium-browser - security update
2016-08-02 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)
2016-07-25 00:00:00
Google Chrome < 52.0.2743.82 Multiple Vulnerabilities
2016-07-29 00:00:00
suse
suse
Security update for Chromium (important)
2016-07-31 21:08:18
Security update for Chromium (important)
2016-07-25 15:10:21
Security update for Chromium (important)
2016-07-25 15:10:08
chrome
chrome
Stable Channel Update
2016-07-20 00:00:00
Stable Channel Update
2016-06-16 00:00:00
debian
debian
[SECURITY] [DSA 3637-1] chromium-browser security update
2016-07-31 21:08:37
[SECURITY] [DSA 3744-1] libxml2 security update
2016-12-23 18:31:42
[SECURITY] [DSA 3744-1] libxml2 security update
2016-12-23 18:31:42
threatpost
threatpost
Google Fixes 48 Bugs, Sandbox Escape, in Chrome
2016-07-21 17:04:50
redhat
redhat
(RHSA-2016:1485) Important: chromium-browser security update
2016-07-26 05:05:36
(RHSA-2016:1262) Important: chromium-browser security update
2016-06-20 19:18:07
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
kaspersky
kaspersky
KLA10846 Multiple vulnerabilities in Google Chrome
2016-07-20 00:00:00
KLA10833 Multiple unknown vulnerabilities in Google Chrome
2016-06-15 00:00:00
archlinux
archlinux
chromium: multiple issues
2016-07-24 00:00:00
chromium: arbitrary code execution
2016-06-25 00:00:00
[ASA-201611-2] libxml2: arbitrary code execution
2016-11-01 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2016-07-20 00:00:00
chromium -- multiple vulnerabilities
2016-06-16 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2016-08-05 00:00:00
Oxide vulnerabilities
2016-06-30 00:00:00
libxml2 vulnerabilities
2017-03-16 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2016-08-03 13:57:01
Updated chromium-browser-stable packages fix security vulnerabilities
2016-06-22 19:36:39
redhatcve
redhatcve
CVE-2016-5136
2016-07-21 08:19:31
CVE-2016-5128
2016-07-21 08:18:30
CVE-2016-1706
2016-07-21 08:19:52
ubuntucve
ubuntucve
CVE-2016-5136
2016-07-23 00:00:00
CVE-2016-5133
2016-07-23 00:00:00
CVE-2016-5128
2016-07-23 00:00:00
debiancve
debiancve
CVE-2016-5136
2016-07-23 19:59:00
CVE-2016-5132
2016-07-23 19:59:00
CVE-2016-1704
2016-07-03 21:59:00
prion
prion
Design/Logic Flaw
2016-07-23 19:59:00
Information disclosure
2016-07-23 19:59:00
Code injection
2016-07-23 19:59:00
cve
cve
CVE-2016-5136
2016-07-23 19:59:00
CVE-2016-5128
2016-07-23 19:59:00
CVE-2016-5132
2016-07-23 19:59:00
seebug
seebug
Chrome Address Bar URL Spoofing on IOS
2016-10-11 00:00:00
Chrome Universal XSS via same document navigations (CVE-2016-1711)
2017-04-21 00:00:00
veracode
veracode
Use-after Free
2020-04-01 00:39:15
Copy-Paste Vulnerability (CPV) Through Libxml2
2017-03-23 01:10:27
alpinelinux
alpinelinux
CVE-2016-5131
2016-07-23 19:59:00
CVE-2016-5129
2016-07-23 19:59:00
cert
cert
Proxy auto-config (PAC) files have access to full HTTPS URLs
2016-08-04 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131
2022-11-07 16:09:57
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131)
2023-12-07 22:31:02
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in libxml/libxml2
2023-12-07 22:31:02
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2017-03-10 21:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2016-10-29 00:00:00
cloudfoundry
cloudfoundry
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26
2018-02-14 17:11:02
[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27
2018-01-30 18:12:24
centos
centos
libxml2 security update
2020-04-08 18:42:56

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

JSON
Related for DEBIAN:DSA-3637-1:68841
openvas21osv3nessus32suse7chrome2debian4threatpost1redhat3kaspersky2archlinux3freebsd2ubuntu3mageia2redhatcve18ubuntucve19debiancve19prion19cve19seebug2veracode2alpinelinux2cert1ibm7rubygems1gentoo1cloudfoundry1fedora2centos1