ID: GLSA-201811-10
Type: gentoo
Reporter: Gentoo Foundation
Modified: 2018-11-23T00:00:00
Description
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Description
Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details.
Impact
A remote attacker could execute arbitrary code, escalate privileges, cause a heap buffer overflow, obtain sensitive information, or spoof a URL.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
{"nessus": [{"lastseen": "2021-02-13T11:07:34", "description": "The remote host is affected by the vulnerability described in GLSA-201811-10\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n cause a heap buffer overflow, obtain sensitive information, or spoof a\n URL.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-26T00:00:00", "title": "GLSA-201811-10 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-17464", "CVE-2018-16080", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-17463", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16066", "CVE-2018-17477", "CVE-2018-16070", "CVE-2018-17469", "CVE-2018-16076", "CVE-2018-16074", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2018-11-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201811-10.NASL", "href": "https://www.tenable.com/plugins/nessus/119130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201811-10.\n#\n# The advisory text is Copyright (C) 2001-2021 
Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119130);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16072\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"GLSA\", value:\"201811-10\");\n\n script_name(english:\"GLSA-201811-10 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201811-10\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. 
Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n cause a heap buffer overflow, obtain sensitive information, or spoof a\n URL.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201811-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-70.0.3538.67'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 70.0.3538.67\"), vulnerable:make_list(\"lt 70.0.3538.67\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:21:34", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 69.0.3497.81. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/09/04. Please refer to the release notes for\nadditional information. 
Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-09-06T00:00:00", "title": "Google Chrome < 69.0.3497.81 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_69_0_3497_81.NASL", "href": "https://www.tenable.com/plugins/nessus/117333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117333);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-16065\",\n \"CVE-2018-16067\",\n \"CVE-2018-16068\",\n \"CVE-2018-16070\",\n \"CVE-2018-16071\",\n \"CVE-2018-16072\",\n \"CVE-2018-16073\",\n \"CVE-2018-16074\",\n \"CVE-2018-16075\",\n \"CVE-2018-16076\",\n \"CVE-2018-16077\",\n \"CVE-2018-16078\",\n \"CVE-2018-16079\",\n \"CVE-2018-16080\",\n \"CVE-2018-16081\",\n \"CVE-2018-16082\",\n \"CVE-2018-16083\",\n \"CVE-2018-16084\",\n \"CVE-2018-16085\",\n \"CVE-2018-16086\",\n \"CVE-2018-16087\",\n \"CVE-2018-16088\"\n );\n\n script_name(english:\"Google Chrome < 69.0.3497.81 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 69.0.3497.81. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/09/04. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424454d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 69.0.3497.81 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'69.0.3497.81', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:49:07", "description": "The version of Google Chrome installed on the remote macOS host is\nprior to 69.0.3497.81. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/09/04. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-09-06T00:00:00", "title": "Google Chrome < 69.0.3497.81 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_69_0_3497_81.NASL", "href": "https://www.tenable.com/plugins/nessus/117332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117332);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 
2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-16065\",\n \"CVE-2018-16067\",\n \"CVE-2018-16068\",\n \"CVE-2018-16070\",\n \"CVE-2018-16071\",\n \"CVE-2018-16072\",\n \"CVE-2018-16073\",\n \"CVE-2018-16074\",\n \"CVE-2018-16075\",\n \"CVE-2018-16076\",\n \"CVE-2018-16077\",\n \"CVE-2018-16078\",\n \"CVE-2018-16079\",\n \"CVE-2018-16080\",\n \"CVE-2018-16081\",\n \"CVE-2018-16082\",\n \"CVE-2018-16083\",\n \"CVE-2018-16084\",\n \"CVE-2018-16085\",\n \"CVE-2018-16086\",\n \"CVE-2018-16087\",\n \"CVE-2018-16088\"\n );\n\n script_name(english:\"Google Chrome < 69.0.3497.81 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is\nprior to 69.0.3497.81. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/09/04. Please refer to the release notes for\nadditional information. 
Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424454d5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 69.0.3497.81 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16085\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'69.0.3497.81', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:17:34", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 69.0.3497.81.\n\nSecurity Fix(es) :\n\n* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)\n\n* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)\n\n* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)\n\n* chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)\n\n* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)\n\n* chromium-browser: Integer overflow in Skia (CVE-2018-16070)\n\n* chromium-browser: Use after free in WebRTC (CVE-2018-16071)\n\n* chromium-browser: Site Isolation bypass after tab restore\n(CVE-2018-16073)\n\n* chromium-browser: Site Isolation bypass using Blob URLS\n(CVE-2018-16074)\n\n* chromium-browser: Local file access in Blink (CVE-2018-16075)\n\n* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)\n\n* chromium-browser: Content security policy bypass in Blink\n(CVE-2018-16077)\n\n* chromium-browser: Credit card information leak in Autofill\n(CVE-2018-16078)\n\n* chromium-browser: URL spoof in permission 
dialogs (CVE-2018-16079)\n\n* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)\n\n* chromium-browser: Local file access in DevTools (CVE-2018-16081)\n\n* chromium-browser: Stack buffer overflow in SwiftShader\n(CVE-2018-16082)\n\n* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)\n\n* chromium-browser: User confirmation bypass in external protocol\nhandling (CVE-2018-16084)\n\n* chromium-browser: Use after free in Memory Instrumentation\n(CVE-2018-16085)\n\n* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)\n\n* chromium-browser: Multiple download restriction bypass\n(CVE-2018-16087)\n\n* chromium-browser: User gesture requirement bypass (CVE-2018-16088)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 16, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-09-12T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2018:2666)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2018-09-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-2666.NASL", "href": "https://www.tenable.com/plugins/nessus/117447", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security 
Advisory RHSA-2018:2666. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117447);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\");\n script_xref(name:\"RHSA\", value:\"2018:2666\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2018:2666)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 69.0.3497.81.\n\nSecurity Fix(es) :\n\n* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)\n\n* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)\n\n* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)\n\n* chromium-browser: Out of bounds write in Mojo (CVE-2018-16068)\n\n* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)\n\n* chromium-browser: Integer overflow in Skia (CVE-2018-16070)\n\n* chromium-browser: Use after free in WebRTC (CVE-2018-16071)\n\n* chromium-browser: Site Isolation bypass after tab restore\n(CVE-2018-16073)\n\n* chromium-browser: Site Isolation bypass using Blob URLS\n(CVE-2018-16074)\n\n* chromium-browser: Local file access in Blink (CVE-2018-16075)\n\n* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)\n\n* chromium-browser: Content security policy bypass in Blink\n(CVE-2018-16077)\n\n* chromium-browser: Credit card information leak in Autofill\n(CVE-2018-16078)\n\n* chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)\n\n* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)\n\n* chromium-browser: Local file access in DevTools (CVE-2018-16081)\n\n* chromium-browser: Stack buffer overflow in SwiftShader\n(CVE-2018-16082)\n\n* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)\n\n* chromium-browser: User confirmation bypass in external protocol\nhandling (CVE-2018-16084)\n\n* chromium-browser: Use after free in Memory Instrumentation\n(CVE-2018-16085)\n\n* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)\n\n* chromium-browser: Multiple download restriction bypass\n(CVE-2018-16087)\n\n* chromium-browser: User gesture 
requirement bypass (CVE-2018-16088)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-16079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16088\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2666\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-69.0.3497.81-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-69.0.3497.81-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-69.0.3497.81-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-69.0.3497.81-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:53:29", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - 
CVE-2018-16065\n Brendon Tiszka discovered an out-of-bounds write issue\n in the v8 JavaScript library.\n\n - CVE-2018-16066\n cloudfuzzer discovered an out-of-bounds read issue in\n blink/webkit.\n\n - CVE-2018-16067\n Zhe Jin discovered an out-of-bounds read issue in the\n WebAudio implementation.\n\n - CVE-2018-16068\n Mark Brand discovered an out-of-bounds write issue in\n the Mojo message passing library.\n\n - CVE-2018-16069\n Mark Brand discovered an out-of-bounds read issue in the\n swiftshader library.\n\n - CVE-2018-16070\n Ivan Fratric discovered an integer overflow issue in the\n skia library.\n\n - CVE-2018-16071\n Natalie Silvanovich discovered a use-after-free issue in\n the WebRTC implementation.\n\n - CVE-2018-16073\n Jun Kokatsu discovered an error in the Site Isolation\n feature when restoring browser tabs.\n\n - CVE-2018-16074\n Jun Kokatsu discovered an error in the Site Isolation\n feature when using a Blob URL.\n\n - CVE-2018-16075\n Pepe Vila discovered an error that could allow remote\n sites to access local files.\n\n - CVE-2018-16076\n Aseksandar Nikolic discovered an out-of-bounds read\n issue in the pdfium library.\n\n - CVE-2018-16077\n Manuel Caballero discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2018-16078\n Cailan Sacks discovered that the Autofill feature could\n leak saved credit card information.\n\n - CVE-2018-16079\n Markus Vervier and Michele Orru discovered a URL\n spoofing issue.\n\n - CVE-2018-16080\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-16081\n Jann Horn discovered that local files could be accessed\n in the developer tools.\n\n - CVE-2018-16082\n Omair discovered a buffer overflow issue in the\n swiftshader library.\n\n - CVE-2018-16083\n Natalie Silvanovich discovered an out-of-bounds read\n issue in the WebRTC implementation.\n\n - CVE-2018-16084\n Jun Kokatsu discovered a way to bypass a user\n confirmation dialog.\n\n - CVE-2018-16085\n Roman Kuksin discovered a 
use-after-free issue.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-09-10T00:00:00", "title": "Debian DSA-4289-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4289.NASL", "href": "https://www.tenable.com/plugins/nessus/117370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4289. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117370);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/17 10:53:30\");\n\n script_cve_id(\"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\");\n script_xref(name:\"DSA\", value:\"4289\");\n\n script_name(english:\"Debian DSA-4289-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-16065\n Brendon Tiszka discovered an out-of-bounds write issue\n in the v8 JavaScript library.\n\n - CVE-2018-16066\n cloudfuzzer discovered an out-of-bounds read issue in\n blink/webkit.\n\n - CVE-2018-16067\n Zhe Jin discovered an out-of-bounds read issue in the\n WebAudio implementation.\n\n - CVE-2018-16068\n Mark Brand discovered an out-of-bounds write issue in\n the Mojo message passing library.\n\n - CVE-2018-16069\n Mark Brand discovered an out-of-bounds read issue in the\n swiftshader library.\n\n - CVE-2018-16070\n Ivan Fratric discovered an integer overflow issue in the\n skia library.\n\n - CVE-2018-16071\n Natalie Silvanovich discovered a use-after-free issue in\n the WebRTC implementation.\n\n - CVE-2018-16073\n Jun Kokatsu discovered an error in the Site Isolation\n feature when restoring browser tabs.\n\n - CVE-2018-16074\n Jun Kokatsu discovered an error in the Site Isolation\n feature when using a Blob URL.\n\n - CVE-2018-16075\n Pepe Vila discovered an error that could allow remote\n sites to access local files.\n\n - CVE-2018-16076\n Aseksandar Nikolic discovered an out-of-bounds read\n issue in the pdfium library.\n\n - CVE-2018-16077\n Manuel Caballero 
discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2018-16078\n Cailan Sacks discovered that the Autofill feature could\n leak saved credit card information.\n\n - CVE-2018-16079\n Markus Vervier and Michele Orru discovered a URL\n spoofing issue.\n\n - CVE-2018-16080\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-16081\n Jann Horn discovered that local files could be accessed\n in the developer tools.\n\n - CVE-2018-16082\n Omair discovered a buffer overflow issue in the\n swiftshader library.\n\n - CVE-2018-16083\n Natalie Silvanovich discovered an out-of-bounds read\n issue in the WebRTC implementation.\n\n - CVE-2018-16084\n Jun Kokatsu discovered a way to bypass a user\n confirmation dialog.\n\n - CVE-2018-16085\n Roman Kuksin discovered a use-after-free issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16074\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16085\"\n );\n # https://security-tracker.debian.org/tracker/source-package/chromium-browser\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e33901a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4289\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 69.0.3497.81-1~deb9u1.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"chromedriver\", reference:\"69.0.3497.81-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium\", reference:\"69.0.3497.81-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-driver\", reference:\"69.0.3497.81-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-l10n\", reference:\"69.0.3497.81-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-shell\", reference:\"69.0.3497.81-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-widevine\", 
reference:\"69.0.3497.81-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:40:04", "description": "This update for Chromium to version 69.0.3497.81 fixes multiple\nissues.\n\nSecurity issues fixed (boo#1107235) :\n\n - CVE-2018-16065: Out of bounds write in V8\n\n - CVE-2018-16066: Out of bounds read in Blink\n\n - CVE-2018-16067: Out of bounds read in WebAudio\n\n - CVE-2018-16068: Out of bounds write in Mojo\n\n - CVE-2018-16069: Out of bounds read in SwiftShader\n\n - CVE-2018-16070: Integer overflow in Skia\n\n - CVE-2018-16071: Use after free in WebRTC\n\n - CVE-2018-16073: Site Isolation bypass after tab restore\n\n - CVE-2018-16074: Site Isolation bypass using Blob URLs\n\n - Out of bounds read in Little-CMS\n\n - CVE-2018-16075: Local file access in Blink\n\n - CVE-2018-16076: Out of bounds read in PDFium\n\n - CVE-2018-16077: Content security policy bypass in Blink\n\n - CVE-2018-16078: Credit card information leak in Autofill\n\n - CVE-2018-16079: URL spoof in permission dialogs\n\n - CVE-2018-16080: URL spoof in full screen mode\n\n - CVE-2018-16081: Local file access in DevTools\n\n - CVE-2018-16082: Stack-based buffer overflow in\n SwiftShader\n\n - CVE-2018-16083: Out of bounds read in WebRTC\n\n - CVE-2018-16084: User confirmation bypass in external\n protocol handling\n\n - CVE-2018-16085: Use after free in Memory Instrumentation\n\n - CVE-2017-15430: Unsafe navigation in Chromecast\n (boo#1106341)\n\n - CVE-2018-16086: Script injection in New Tab Page\n\n - CVE-2018-16087: Multiple download restriction bypass\n\n - CVE-2018-16088: User gesture requirement bypass The re2\n regular expression library was updated to the current\n version 2018-09-01.", "edition": 18, "cvss3": {"score": 9.6, "vector": 
"AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-09-10T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2018-979)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2018-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libre2-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:re2-devel", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:libre2-0-32bit", "p-cpe:/a:novell:opensuse:libre2-0", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:re2-debugsource", "p-cpe:/a:novell:opensuse:libre2-0-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2018-979.NASL", "href": "https://www.tenable.com/plugins/nessus/117380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-979.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117380);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-15430\", \"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", 
\"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2018-979)\");\n script_summary(english:\"Check for the openSUSE-2018-979 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 69.0.3497.81 fixes multiple\nissues.\n\nSecurity issues fixed (boo#1107235) :\n\n - CVE-2018-16065: Out of bounds write in V8\n\n - CVE-2018-16066:Out of bounds read in Blink\n\n - CVE-2018-16067: Out of bounds read in WebAudio\n\n - CVE-2018-16068: Out of bounds write in Mojo\n\n - CVE-2018-16069:Out of bounds read in SwiftShader\n\n - CVE-2018-16070: Integer overflow in Skia\n\n - CVE-2018-16071: Use after free in WebRTC\n\n - CVE-2018-16073: Site Isolation bypass after tab restore\n\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n\n - Out of bounds read in Little-CMS\n\n - CVE-2018-16075: Local file access in Blink\n\n - CVE-2018-16076: Out of bounds read in PDFium\n\n - CVE-2018-16077: Content security policy bypass in Blink\n\n - CVE-2018-16078: Credit card information leak in Autofill\n\n - CVE-2018-16079: URL spoof in permission dialogs\n\n - CVE-2018-16080: URL spoof in full screen mode\n\n - CVE-2018-16081: Local file access in DevTools\n\n - CVE-2018-16082: Stack-based buffer overflow in\n SwiftShader\n\n - CVE-2018-16083: Out of bounds read in WebRTC\n\n - CVE-2018-16084: User confirmation bypass in external\n protocol handling\n\n - CVE-2018-16085: Use after free in Memory Instrumentation\n\n - CVE-2017-15430: 
Unsafe navigation in Chromecast\n (boo#1106341)\n\n - CVE-2018-16086: Script injection in New Tab Page\n\n - CVE-2018-16087: Multiple download restriction bypass\n\n - CVE-2018-16088: User gesture requirement bypass The re2\n regular expression library was updated to the current\n version 2018-09-01.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107235\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libre2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:re2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:re2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libre2-0-20180901-lp150.7.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE15.0\", reference:\"libre2-0-debuginfo-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"re2-debugsource-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"re2-devel-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromedriver-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-debuginfo-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-debugsource-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libre2-0-32bit-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libre2-0-32bit-debuginfo-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libre2-0-20180901-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libre2-0-debuginfo-20180901-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"re2-debugsource-20180901-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"re2-devel-20180901-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"chromedriver-69.0.3497.81-168.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-69.0.3497.81-168.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"chromium-69.0.3497.81-168.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"chromium-debuginfo-69.0.3497.81-168.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
cpu:\"x86_64\", reference:\"chromium-debugsource-69.0.3497.81-168.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libre2-0-32bit-20180901-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libre2-0-debuginfo-32bit-20180901-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:53:07", "description": "This update for Chromium to version 69.0.3497.81 fixes multiple\nissues.\n\nSecurity issues fixed (boo#1107235) :\n\n - CVE-2018-16065: Out of bounds write in V8\n\n - CVE-2018-16066: Out of bounds read in Blink\n\n - CVE-2018-16067: Out of bounds read in WebAudio\n\n - CVE-2018-16068: Out of bounds write in Mojo\n\n - CVE-2018-16069: Out of bounds read in SwiftShader\n\n - CVE-2018-16070: Integer overflow in Skia\n\n - CVE-2018-16071: Use after free in WebRTC\n\n - CVE-2018-16073: Site Isolation bypass after tab restore\n\n - CVE-2018-16074: Site Isolation bypass using Blob URLs\n\n - Out of bounds read in Little-CMS\n\n - CVE-2018-16075: Local file access in Blink\n\n - CVE-2018-16076: Out of bounds read in PDFium\n\n - CVE-2018-16077: Content security policy bypass in Blink\n\n - CVE-2018-16078: Credit card information leak in Autofill\n\n - CVE-2018-16079: URL spoof in permission dialogs\n\n - CVE-2018-16080: URL spoof in full screen mode\n\n - CVE-2018-16081: Local file access in DevTools\n\n - CVE-2018-16082: Stack-based buffer overflow in\n SwiftShader\n\n - CVE-2018-16083: Out of bounds read in WebRTC\n\n - CVE-2018-16084: User confirmation bypass in external\n protocol handling\n\n - CVE-2018-16085: Use after 
free in Memory Instrumentation\n\n - CVE-2017-15430: Unsafe navigation in Chromecast\n (boo#1106341)\n\n - CVE-2018-16086: Script injection in New Tab Page\n\n - CVE-2018-16087: Multiple download restriction bypass\n\n - CVE-2018-16088: User gesture requirement bypass The re2\n regular expression library was updated to the current\n version 2018-09-01.", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2019-674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:re2-devel", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:libre2-0-32bit", "p-cpe:/a:novell:opensuse:libre2-0", "p-cpe:/a:novell:opensuse:re2-debugsource", "p-cpe:/a:novell:opensuse:libre2-0-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2019-674.NASL", "href": "https://www.tenable.com/plugins/nessus/123291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-674.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123291);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-15430\", \"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2019-674)\");\n script_summary(english:\"Check for the openSUSE-2019-674 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for Chromium to version 69.0.3497.81 fixes multiple\nissues.\n\nSecurity issues fixed (boo#1107235) :\n\n - CVE-2018-16065: Out of bounds write in V8\n\n - CVE-2018-16066:Out of bounds read in Blink\n\n - CVE-2018-16067: Out of bounds read in WebAudio\n\n - CVE-2018-16068: Out of bounds write in Mojo\n\n - CVE-2018-16069:Out of bounds read in SwiftShader\n\n - CVE-2018-16070: Integer overflow in Skia\n\n - CVE-2018-16071: Use after free in WebRTC\n\n - CVE-2018-16073: Site Isolation bypass after tab restore\n\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n\n - Out of bounds read in Little-CMS\n\n - CVE-2018-16075: Local file access in Blink\n\n - CVE-2018-16076: Out of bounds read in PDFium\n\n - CVE-2018-16077: Content security policy bypass in Blink\n\n - CVE-2018-16078: Credit card information leak in Autofill\n\n - CVE-2018-16079: URL spoof in permission dialogs\n\n - CVE-2018-16080: 
URL spoof in full screen mode\n\n - CVE-2018-16081: Local file access in DevTools\n\n - CVE-2018-16082: Stack-based buffer overflow in\n SwiftShader\n\n - CVE-2018-16083: Out of bounds read in WebRTC\n\n - CVE-2018-16084: User confirmation bypass in external\n protocol handling\n\n - CVE-2018-16085: Use after free in Memory Instrumentation\n\n - CVE-2017-15430: Unsafe navigation in Chromecast\n (boo#1106341)\n\n - CVE-2018-16086: Script injection in New Tab Page\n\n - CVE-2018-16087: Multiple download restriction bypass\n\n - CVE-2018-16088: User gesture requirement bypass The re2\n regular expression library was updated to the current\n version 2018-09-01.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107235\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16085\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libre2-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:re2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:re2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libre2-0-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libre2-0-debuginfo-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"re2-debugsource-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"re2-devel-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromedriver-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-69.0.3497.81-lp150.2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-69.0.3497.81-lp150.2.10.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-debuginfo-69.0.3497.81-lp150.2.10.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"chromium-debugsource-69.0.3497.81-lp150.2.10.1\", allowmaj:TRUE) ) flag++;\nif 
( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libre2-0-32bit-20180901-lp150.7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libre2-0-32bit-debuginfo-20180901-lp150.7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:16:08", "description": "Update to Chromium 69. (EPEL-7 update is blocked by a GCC bug:\n1629813, so as soon as devtoolset-8 arrives...)\n\nFixes a lot of security issues, like every major release of Chromium,\nincluding CVE-2018-16087 CVE-2018-16088 CVE-2018-16086 CVE-2018-16065\nCVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069\nCVE-2018-16070 CVE-2018-16071 CVE-2018-16072 CVE-2018-16073\nCVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077\nCVE-2018-16078\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : chromium (2018-13d8c35127)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-17459", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-17458", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", 
"CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-13D8C35127.NASL", "href": "https://www.tenable.com/plugins/nessus/120245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-13d8c35127.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120245);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16072\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\", \"CVE-2018-17458\", \"CVE-2018-17459\");\n script_xref(name:\"FEDORA\", value:\"2018-13d8c35127\");\n\n script_name(english:\"Fedora 28 : chromium (2018-13d8c35127)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Chromium 69. 
(EPEL-7 update is blocked by a GCC bug:\n1629813, so as soon as devtoolset-8 arrives...)\n\nFixes a lot of security issues, like every major release of Chromium,\nincluding CVE-2018-16087 CVE-2018-16088 CVE-2018-16086 CVE-2018-16065\nCVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069\nCVE-2018-16070 CVE-2018-16071 CVE-2018-16072 CVE-2018-16073\nCVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077\nCVE-2018-16078\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-13d8c35127\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17458\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"chromium-69.0.3497.92-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:34:21", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox 
escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "edition": 17, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-23T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1208)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2018-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2018-1208.NASL", "href": 
"https://www.tenable.com/plugins/nessus/118317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1208.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118317);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1208)\");\n script_summary(english:\"Check for the openSUSE-2018-1208 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after 
free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-70.0.3538.67-lp150.2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:34:27", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity 
issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "edition": 14, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1253)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2018-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "cpe:/o:novell:opensuse:42.3", 
"p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2018-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/118386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1253.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118386);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1253)\");\n script_summary(english:\"Check for the openSUSE-2018-1253 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full 
screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-70.0.3538.67-179.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-30T13:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-30T00:00:00", "published": "2018-09-05T00:00:00", "id": "OPENVAS:1361412562310813886", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813886", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-MAC OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813886\");\n script_version(\"2019-07-30T06:12:43+0000\");\n script_cve_id(\"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16065\",\n \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16085\",\n \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\",\n \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\",\n \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\",\n \"CVE-2018-16086\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 06:12:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-05 11:42:16 +0530 (Wed, 05 Sep 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple out of bounds write errors in V8 and Mojo.\n\n - Multiple out of bounds read errors in Blink, WebAudio, SwiftShader, Little-CMS,\n PDFium and WebRTC.\n\n - An integer overflow error in Skia.\n\n - Multiple use after free errors in WebRTC and Memory Instrumentation.\n\n - A user confirmation bypass 
error in external protocol handling.\n\n - A stack buffer overflow error in SwiftShader.\n\n - An improper file access control in DevTools and Blink.\n\n - Multiple url spoofing errors.\n\n - The content security policy bypass error in Blink.\n\n - A security bypass error in Autofill.\n\n - An insufficient policy enforcement in extensions API in Google Chrome.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause denial of service condition,\n disclose sensitive information and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 69.0.3497.81\n on MacOSX.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 69.0.3497.81\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"69.0.3497.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"69.0.3497.81\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-30T13:58:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", 
"CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-30T00:00:00", "published": "2018-09-05T00:00:00", "id": "OPENVAS:1361412562310813884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813884", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813884\");\n script_version(\"2019-07-30T06:12:43+0000\");\n script_cve_id(\"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16065\",\n \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16085\",\n \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\",\n \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\",\n \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\",\n \"CVE-2018-16086\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-30 06:12:43 +0000 (Tue, 30 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-05 11:42:16 +0530 (Wed, 05 Sep 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple out of bounds write errors in V8 and Mojo.\n\n - Multiple out of bounds read errors in Blink, WebAudio, SwiftShader, Little-CMS,\n PDFium and WebRTC.\n\n - An integer overflow error in Skia.\n\n - Multiple use after free errors in WebRTC and Memory Instrumentation.\n\n - A user confirmation bypass 
error in external protocol handling.\n\n - A stack buffer overflow error in SwiftShader.\n\n - An improper file access control in DevTools and Blink.\n\n - Multiple url spoofing errors.\n\n - The content security policy bypass error in Blink.\n\n - A security bypass error in Autofill.\n\n - An insufficient policy enforcement in extensions API in Google Chrome.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause denial of service condition,\n disclose sensitive information and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 69.0.3497.81\n on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 69.0.3497.81\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"69.0.3497.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"69.0.3497.81\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", 
"CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-22T00:00:00", "id": "OPENVAS:1361412562310875090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875090", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2018-13d8c35127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_13d8c35127_chromium_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for chromium FEDORA-2018-13d8c35127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875090\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-22 08:14:48 +0200 (Sat, 22 Sep 2018)\");\n script_cve_id(\"CVE-2018-16087\", \"CVE-2018-16088\", \"CVE-2018-16086\", \"CVE-2018-16065\",\n \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\",\n \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16072\", \"CVE-2018-16073\",\n \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\",\n \"CVE-2018-16078\", \"CVE-2018-16085\", \"CVE-2018-16084\", \"CVE-2018-16083\",\n \"CVE-2018-16082\", \"CVE-2018-16081\", \"CVE-2018-16080\", \"CVE-2018-16079\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2018-13d8c35127\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-13d8c35127\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7HTLQRJ655AZ5TRDNCFDLBQ7BIAMB24\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~69.0.3497.92~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:53:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-09-05T00:00:00", "id": "OPENVAS:1361412562310813885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813885", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-Linux", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security 
Updates(stable-channel-update-for-desktop-2018-09)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813885\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16065\",\n \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16085\",\n \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\",\n \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\",\n \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-05 11:42:16 +0530 (Wed, 05 Sep 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-09)-Linux\");\n\n script_tag(name:\"summary\", value:\"The 
host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple out of bounds write errors in V8 and Mojo.\n\n - Multiple out of bounds read errors in Blink, WebAudio, SwiftShader, Little-CMS,\n PDFium and WebRTC.\n\n - An integer overflow error in Skia.\n\n - Multiple use after free errors in WebRTC and Memory Instrumentation.\n\n - An user confirmation bypass error in external protocol handling.\n\n - A stack buffer overflow error in SwiftShader.\n\n - An improper file access control in DevTools and Blink.\n\n - Multiple url spoofing errors.\n\n - The content security policy bypass error in Blink.\n\n - A security bypass error in Autofill.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security restrictions, cause denial of service condition,\n disclose sensitive information and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 69.0.3497.81\n on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 69.0.3497.81\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"69.0.3497.81\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"69.0.3497.81\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-1606", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-16065\nBrendon Tiszka discovered an out-of-bounds write issue in the v8\njavascript library.\n\nCVE-2018-16066\ncloudfuzzer discovered an out-of-bounds read issue in blink/webkit.\n\nCVE-2018-16067\nZhe Jin discovered an out-of-bounds read issue in the WebAudio\nimplementation.\n\nCVE-2018-16068\nMark Brand discovered an out-of-bounds write issue 
in the Mojo\nmessage passing library.\n\nCVE-2018-16069\nMark Brand discovered an out-of-bounds read issue in the swiftshader\nlibrary.\n\nCVE-2018-16070\nIvan Fratric discovered an integer overflow issue in the skia library.\n\nCVE-2018-16071\nNatalie Silvanovich discovered a use-after-free issue in the WebRTC\nimplementation.\n\nCVE-2018-16073\nJun Kokatsu discovered an error in the Site Isolation feature when\nrestoring browser tabs.\n\nCVE-2018-16074\nJun Kokatsu discovered an error in the Site Isolation feature when\nusing a Blob URL.\n\nCVE-2018-16075\nPepe Vila discovered an error that could allow remote sites to access\nlocal files.\n\nCVE-2018-16076\nAseksandar Nikolic discovered an out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2018-16077\nManuel Caballero discovered a way to bypass the Content Security Policy.\n\nCVE-2018-16078\nCailan Sacks discovered that the Autofill feature could leak saved\ncredit card information.\n\nCVE-2018-16079\nMarkus Vervier and Michele Orr\u00f9 discovered a URL spoofing issue.\n\nCVE-2018-16080\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-16081\nJann Horn discovered that local files could be accessed in the developer\ntools.\n\nCVE-2018-16082\nOmair discovered a buffer overflow issue in the swiftshader library.\n\nCVE-2018-16083\nNatalie Silvanovich discovered an out-of-bounds read issue in the WebRTC\nimplementation.\n\nCVE-2018-16084\nJun Kokatsu discovered a way to bypass a user confirmation dialog.\n\nCVE-2018-16085\nRoman Kuksin discovered a use-after-free issue.", "modified": "2019-07-04T00:00:00", "published": "2018-09-07T00:00:00", "id": "OPENVAS:1361412562310704289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704289", "type": "openvas", "title": "Debian Security Advisory DSA 4289-1 (chromium-browser - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from 
advisory DSA 4289-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704289\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1606\", \"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16070\",\n \"CVE-2018-16071\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\",\n \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\",\n \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\");\n script_name(\"Debian Security Advisory DSA 4289-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-07 00:00:00 +0200 (Fri, 07 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4289.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 69.0.3497.81-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/chromium-browser\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-16065\nBrendon Tiszka discovered an out-of-bounds write issue in the v8\njavascript library.\n\nCVE-2018-16066\ncloudfuzzer discovered an out-of-bounds read issue in blink/webkit.\n\nCVE-2018-16067\nZhe Jin discovered an out-of-bounds read issue in the WebAudio\nimplementation.\n\nCVE-2018-16068\nMark Brand discovered an out-of-bounds write issue in the Mojo\nmessage passing library.\n\nCVE-2018-16069\nMark Brand discovered an out-of-bounds read issue in the swiftshader\nlibrary.\n\nCVE-2018-16070\nIvan Fratric discovered an integer overflow issue in the skia library.\n\nCVE-2018-16071\nNatalie Silvanovich discovered a use-after-free issue in the WebRTC\nimplementation.\n\nCVE-2018-16073\nJun Kokatsu discovered an error in the Site Isolation feature when\nrestoring browser tabs.\n\nCVE-2018-16074\nJun Kokatsu discovered an error in the Site Isolation feature when\nusing a Blob 
URL.\n\nCVE-2018-16075\nPepe Vila discovered an error that could allow remote sites to access\nlocal files.\n\nCVE-2018-16076\nAseksandar Nikolic discovered an out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2018-16077\nManuel Caballero discovered a way to bypass the Content Security Policy.\n\nCVE-2018-16078\nCailan Sacks discovered that the Autofill feature could leak saved\ncredit card information.\n\nCVE-2018-16079\nMarkus Vervier and Michele Orr\u00f9 discovered a URL spoofing issue.\n\nCVE-2018-16080\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-16081\nJann Horn discovered that local files could be accessed in the developer\ntools.\n\nCVE-2018-16082\nOmair discovered a buffer overflow issue in the swiftshader library.\n\nCVE-2018-16083\nNatalie Silvanovich discovered an out-of-bounds read issue in the WebRTC\nimplementation.\n\nCVE-2018-16084\nJun Kokatsu discovered a way to bypass a user confirmation dialog.\n\nCVE-2018-16085\nRoman Kuksin discovered a use-after-free issue.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromedriver\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-widevine\", ver:\"69.0.3497.81-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report 
!= \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T16:44:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "The remote host is missing an update for the ", "modified": "2020-06-03T00:00:00", "published": "2018-09-09T00:00:00", "id": "OPENVAS:1361412562310851883", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851883", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2018:2664-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851883\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-09 07:06:26 +0200 (Sun, 09 Sep 2018)\");\n script_cve_id(\"CVE-2017-15430\", \"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\",\n \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\",\n \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\",\n \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\",\n \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\",\n \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2018:2664-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to version 69.0.3497.81 fixes multiple issues.\n\n Security issues fixed (boo#1107235):\n\n - CVE-2018-16065: Out of bounds write in V8\n\n - CVE-2018-16066:Out of bounds read in Blink\n\n - CVE-2018-16067: Out of bounds read in WebAudio\n\n - CVE-2018-16068: Out of bounds write in Mojo\n\n - 
CVE-2018-16069:Out of bounds read in SwiftShader\n\n - CVE-2018-16070: Integer overflow in Skia\n\n - CVE-2018-16071: Use after free in WebRTC\n\n - CVE-2018-16073: Site Isolation bypass after tab restore\n\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n\n - Out of bounds read in Little-CMS\n\n - CVE-2018-16075: Local file access in Blink\n\n - CVE-2018-16076: Out of bounds read in PDFium\n\n - CVE-2018-16077: Content security policy bypass in Blink\n\n - CVE-2018-16078: Credit card information leak in Autofill\n\n - CVE-2018-16079: URL spoof in permission dialogs\n\n - CVE-2018-16080: URL spoof in full screen mode\n\n - CVE-2018-16081: Local file access in DevTools\n\n - CVE-2018-16082: Stack buffer overflow in SwiftShader\n\n - CVE-2018-16083: Out of bounds read in WebRTC\n\n - CVE-2018-16084: User confirmation bypass in external protocol handling\n\n - CVE-2018-16085: Use after free in Memory Instrumentation\n\n - CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)\n\n - CVE-2018-16086: Script injection in New Tab Page\n\n - CVE-2018-16087: Multiple download restriction bypass\n\n - CVE-2018-16088: User gesture requirement bypass\n\n The re2 regular expression library was updated to the current version\n 2018-09-01.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-979=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-979=1\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2664-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00017.html\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libre2-0\", rpm:\"libre2-0~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libre2-0-debuginfo\", rpm:\"libre2-0-debuginfo~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"re2-debugsource\", rpm:\"re2-debugsource~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"re2-devel\", rpm:\"re2-devel~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~69.0.3497.81~168.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~69.0.3497.81~168.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~69.0.3497.81~168.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~69.0.3497.81~168.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~69.0.3497.81~168.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libre2-0-32bit\", 
rpm:\"libre2-0-32bit~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libre2-0-debuginfo-32bit\", rpm:\"libre2-0-debuginfo-32bit~20180901~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310851995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851995", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3273-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851995\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:30:34 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3273-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3273-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the openSUSE-SU-2018:3273-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to 
version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1208=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1208=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310851948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851948", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# 
SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851948\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-25 06:00:36 +0200 (Thu, 25 Oct 2018)\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1253=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3396-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00062.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:52:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-10-17T00:00:00", "id": 
"OPENVAS:1361412562310814096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814096", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814096\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", 
value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:41 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in 
the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.", "modified": "2019-07-04T00:00:00", "published": "2018-11-02T00:00:00", "id": "OPENVAS:1361412562310704330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704330", "type": "openvas", "title": "Debian Security Advisory DSA 4330-1 (chromium-browser - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4330-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704330\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\",\n \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\",\n \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\",\n \"CVE-2018-5179\");\n script_name(\"Debian Security Advisory DSA 4330-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 00:00:00 +0100 (Fri, 02 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4330.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", 
value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 70.0.3538.67-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/chromium-browser\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the 
installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromedriver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-widevine\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16065", "CVE-2018-16066", "CVE-2018-16067", "CVE-2018-16068", "CVE-2018-16069", "CVE-2018-16070", "CVE-2018-16071", "CVE-2018-16073", "CVE-2018-16074", "CVE-2018-16075", "CVE-2018-16076", "CVE-2018-16077", "CVE-2018-16078", "CVE-2018-16079", "CVE-2018-16080", "CVE-2018-16081", "CVE-2018-16082", "CVE-2018-16083", "CVE-2018-16084", "CVE-2018-16085", "CVE-2018-16086", "CVE-2018-16087", "CVE-2018-16088"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 69.0.3497.81.\n\nSecurity Fix(es):\n\n* chromium-browser: Out of bounds write in V8 (CVE-2018-16065)\n\n* chromium-browser: Out of bounds read in Blink (CVE-2018-16066)\n\n* chromium-browser: Out of bounds read in WebAudio (CVE-2018-16067)\n\n* chromium-browser: Out of bounds write in Mojo 
(CVE-2018-16068)\n\n* chromium-browser: Out of bounds read in SwiftShader (CVE-2018-16069)\n\n* chromium-browser: Integer overflow in Skia (CVE-2018-16070)\n\n* chromium-browser: Use after free in WebRTC (CVE-2018-16071)\n\n* chromium-browser: Site Isolation bypass after tab restore (CVE-2018-16073)\n\n* chromium-browser: Site Isolation bypass using Blob URLS (CVE-2018-16074)\n\n* chromium-browser: Local file access in Blink (CVE-2018-16075)\n\n* chromium-browser: Out of bounds read in PDFium (CVE-2018-16076)\n\n* chromium-browser: Content security policy bypass in Blink (CVE-2018-16077)\n\n* chromium-browser: Credit card information leak in Autofill (CVE-2018-16078)\n\n* chromium-browser: URL spoof in permission dialogs (CVE-2018-16079)\n\n* chromium-browser: URL spoof in full screen mode (CVE-2018-16080)\n\n* chromium-browser: Local file access in DevTools (CVE-2018-16081)\n\n* chromium-browser: Stack buffer overflow in SwiftShader (CVE-2018-16082)\n\n* chromium-browser: Out of bounds read in WebRTC (CVE-2018-16083)\n\n* chromium-browser: User confirmation bypass in external protocol handling (CVE-2018-16084)\n\n* chromium-browser: Use after free in Memory Instrumentation (CVE-2018-16085)\n\n* chromium-browser: Script injection in New Tab Page (CVE-2018-16086)\n\n* chromium-browser: Multiple download restriction bypass (CVE-2018-16087)\n\n* chromium-browser: User gesture requirement bypass (CVE-2018-16088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-09-11T01:20:27", "published": "2018-09-11T01:18:34", "id": "RHSA-2018:2666", "href": "https://access.redhat.com/errata/RHSA-2018:2666", "type": "redhat", "title": "(RHSA-2018:2666) Important: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "cvelist": 
["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-10-25T00:57:50", "published": "2018-10-25T00:52:49", "id": "RHSA-2018:3004", "href": 
"https://access.redhat.com/errata/RHSA-2018:3004", "type": "redhat", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:49:30", "bulletinFamily": "info", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-17457", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16072", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "### *Detect date*:\n09/04/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities:\n\n### *Affected products*:\nGoogle Chrome ealier than 69.0.3497.81\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. 
\n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2018-16065](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16065>) 0.0 Unknown \n[CVE-2018-16066](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16066>) 0.0 Unknown \n[CVE-2018-16067](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16067>) 0.0 Unknown \n[CVE-2018-16068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16068>) 0.0 Unknown \n[CVE-2018-16069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069>) 0.0 Unknown \n[CVE-2018-16070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16070>) 0.0 Unknown \n[CVE-2018-16071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16071>) 0.0 Unknown \n[CVE-2018-16072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16072>) 0.0 Unknown \n[CVE-2018-16073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16073>) 0.0 Unknown \n[CVE-2018-16074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16074>) 0.0 Unknown \n[CVE-2018-16075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16075>) 0.0 Unknown \n[CVE-2018-16076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16076>) 0.0 Unknown \n[CVE-2018-16077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16077>) 0.0 Unknown \n[CVE-2018-16078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16078>) 0.0 Unknown \n[CVE-2018-16079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16079>) 0.0 Unknown \n[CVE-2018-16080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16080>) 0.0 Unknown \n[CVE-2018-16081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16081>) 0.0 Unknown 
\n[CVE-2018-16082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16082>) 0.0 Unknown \n[CVE-2018-16083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16083>) 0.0 Unknown \n[CVE-2018-16084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16084>) 0.0 Unknown \n[CVE-2018-16085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16085>) 0.0 Unknown \n[CVE-2018-16087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16087>) 0.0 Unknown \n[CVE-2018-17457](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17457>) 0.0 Unknown \n[CVE-2018-16088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16088>) 0.0 Unknown \n[CVE-2018-16086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16086>) 0.0 Unknown\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "edition": 27, "modified": "2020-06-18T00:00:00", "published": "2018-09-04T00:00:00", "id": "KLA11312", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11312", "title": "KLA11312 Multiple vulnerabilities in Google Chrome", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T12:04:26", "bulletinFamily": "info", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "### *Detect date*:\n10/16/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service and obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 70.0.3538.67\n\n### *Solution*:\nUpdate to the latest version. 
A file named old_chrome can still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. Try to contact the vendor for further deletion instructions, or ignore such alerts at your own risk. \n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2018-17462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462>)6.5High \n[CVE-2018-17463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463>)8.8Critical \n[CVE-2018-17464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464>)4.3Warning \n[CVE-2018-17465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465>)8.8Critical \n[CVE-2018-17466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466>)0.0Unknown \n[CVE-2018-17467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467>)4.3Warning \n[CVE-2018-17468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468>)6.5High \n[CVE-2018-17469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469>)8.8Critical \n[CVE-2018-17470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470>)0.0Unknown \n[CVE-2018-17471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471>)4.3Warning \n[CVE-2018-17472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472>)9.6Critical \n[CVE-2018-17473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473>)4.3Warning \n[CVE-2018-17474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474>)8.8Critical \n[CVE-2018-17475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475>)4.3Warning 
\n[CVE-2018-17476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476>)4.3Warning \n[CVE-2018-5179](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179>)0.0Unknown \n[CVE-2018-17477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477>)4.3Warning", "edition": 21, "modified": "2020-05-22T00:00:00", "published": "2018-10-16T00:00:00", "id": "KLA11338", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11338", "title": "\r KLA11338Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16065", "CVE-2018-16066", "CVE-2018-16067", "CVE-2018-16068", "CVE-2018-16069", "CVE-2018-16070", "CVE-2018-16071", "CVE-2018-16072", "CVE-2018-16073", "CVE-2018-16074", "CVE-2018-16075", "CVE-2018-16076", "CVE-2018-16077", "CVE-2018-16078", "CVE-2018-16079", "CVE-2018-16080", "CVE-2018-16081", "CVE-2018-16082", "CVE-2018-16083", "CVE-2018-16084", "CVE-2018-16085", "CVE-2018-16086", "CVE-2018-16087", "CVE-2018-16088"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2018-09-20T14:10:41", "published": "2018-09-20T14:10:41", "id": "FEDORA:DFC7860745B7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: chromium-69.0.3497.92-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2018-11-23T02:32:21", "published": "2018-11-23T02:32:21", "id": "FEDORA:532F960CF00C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: chromium-70.0.3538.77-4.fc29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16065", "CVE-2018-16066", "CVE-2018-16067", "CVE-2018-16068", "CVE-2018-16069", "CVE-2018-16070", "CVE-2018-16071", "CVE-2018-16072", "CVE-2018-16073", "CVE-2018-16074", "CVE-2018-16075", "CVE-2018-16076", "CVE-2018-16077", "CVE-2018-16078", "CVE-2018-16079", "CVE-2018-16080", "CVE-2018-16081", "CVE-2018-16082", "CVE-2018-16083", "CVE-2018-16084", "CVE-2018-16085", "CVE-2018-16086", "CVE-2018-16087", "CVE-2018-16088", "CVE-2018-16428", "CVE-2018-16429", "CVE-2018-17458", "CVE-2018-17459", "CVE-2018-6055", "CVE-2018-6119"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2018-10-30T17:43:16", "published": "2018-10-30T17:43:16", "id": "FEDORA:68D4566AD26B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: chromium-69.0.3497.100-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-17478", "CVE-2018-17479", "CVE-2018-5179"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2018-11-30T02:14:11", "published": "2018-11-30T02:14:11", "id": "FEDORA:DA59A6087D6C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: chromium-70.0.3538.110-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16065", "CVE-2018-16066", "CVE-2018-16067", "CVE-2018-16068", "CVE-2018-16069", "CVE-2018-16070", "CVE-2018-16071", "CVE-2018-16072", "CVE-2018-16073", "CVE-2018-16074", "CVE-2018-16075", "CVE-2018-16076", "CVE-2018-16077", "CVE-2018-16078", "CVE-2018-16079", "CVE-2018-16080", "CVE-2018-16081", "CVE-2018-16082", "CVE-2018-16083", "CVE-2018-16084", "CVE-2018-16085", "CVE-2018-16086", "CVE-2018-16087", "CVE-2018-16088", "CVE-2018-4117", "CVE-2018-6044", "CVE-2018-6149", "CVE-2018-6150", "CVE-2018-6151", "CVE-2018-6152", "CVE-2018-6153", "CVE-2018-6154", "CVE-2018-6155", "CVE-2018-6156", "CVE-2018-6157", "CVE-2018-6158", "CVE-2018-6159", "CVE-2018-6160", "CVE-2018-6161", "CVE-2018-6162", "CVE-2018-6163", "CVE-2018-6164", "CVE-2018-6165", "CVE-2018-6166", "CVE-2018-6167", "CVE-2018-6168", "CVE-2018-6169", "CVE-2018-6170", "CVE-2018-6171", "CVE-2018-6172", "CVE-2018-6173", "CVE-2018-6174", "CVE-2018-6175", "CVE-2018-6176", "CVE-2018-6177", "CVE-2018-6178", "CVE-2018-6179"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2018-09-21T06:45:01", "published": "2018-09-21T06:45:01", "id": "FEDORA:5F80C60AEBEC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: chromium-69.0.3497.92-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4289-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nSeptember 07, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068\n CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073\n CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077\n CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081\n CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-16065\n\n Brendon Tiszka discovered an out-of-bounds write issue in the v8\n javascript library.\n\nCVE-2018-16066\n\n cloudfuzzer discovered an out-of-bounds read issue in blink/webkit.\n\nCVE-2018-16067\n\n Zhe Jin discovered an out-of-bounds read issue in the WebAudio\n implementation.\n\nCVE-2018-16068\n\n Mark Brand discovered an out-of-bounds write issue in the Mojo\n message passing library.\n\nCVE-2018-16069\n\n Mark Brand discovered an out-of-bounds read issue in the swiftshader\n 
library.\n\nCVE-2018-16070\n\n Ivan Fratric discovered an integer overflow issue in the skia library.\n\nCVE-2018-16071\n\n Natalie Silvanovich discovered a use-after-free issue in the WebRTC\n implementation.\n\nCVE-2018-16073\n\n Jun Kokatsu discovered an error in the Site Isolation feature when\n restoring browser tabs.\n\nCVE-2018-16074\n\n Jun Kokatsu discovered an error in the Site Isolation feature when\n using a Blob URL.\n\nCVE-2018-16075\n\n Pepe Vila discovered an error that could allow remote sites to access\n local files.\n\nCVE-2018-16076\n\n Aseksandar Nikolic discovered an out-of-bounds read issue in the pdfium\n library.\n\nCVE-2018-16077\n\n Manuel Caballero discovered a way to bypass the Content Security Policy.\n\nCVE-2018-16078\n\n Cailan Sacks discovered that the Autofill feature could leak saved\n credit card information.\n\nCVE-2018-16079\n\n Markus Vervier and Michele Orr\u00f9 discovered a URL spoofing issue.\n\nCVE-2018-16080\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-16081\n\n Jann Horn discovered that local files could be accessed in the developer\n tools.\n\nCVE-2018-16082\n\n Omair discovered a buffer overflow issue in the swiftshader library.\n\nCVE-2018-16083\n\n Natalie Silvanovich discovered an out-of-bounds read issue in the WebRTC\n implementation.\n\nCVE-2018-16084\n\n Jun Kokatsu discovered a way to bypass a user confirmation dialog.\n\nCVE-2018-16085\n\n Roman Kuksin discovered a use-after-free issue.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 69.0.3497.81-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFor the detailed security status of chromium-browser please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium-browser\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: 
https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2018-09-08T03:17:32", "published": "2018-09-08T03:17:32", "id": "DEBIAN:DSA-4289-1:93A0F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00219.html", "title": "[SECURITY] [DSA 4289-1] chromium-browser security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4330-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nNovember 02, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464\n CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468\n CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473\n CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\n\n Yannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\n\n Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\n\n Ned Williamson and Niklas Baumstark discovered a remote code execution\n issue in the v8 javascript library.\n\nCVE-2018-17464\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\n\n Lin Zuojian discovered a use-after-free issue in the v8 
javascript\n library.\n\nCVE-2018-17466\n\n Omair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\n\n Jams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\n\n Zhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\n\n Zhe Jin discovered a memory corruption issue in the GPU backend\n implementation.\n\nCVE-2018-17471\n\n Lnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\n\n Vladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\n\n Khalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\n\n Aaron Muir Hamilton discovered a user interface spoofing issue in the\n extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 70.0.3538.67-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFor the detailed security status of chromium-browser please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium-browser\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2018-11-02T11:43:56", "published": "2018-11-02T11:43:56", "id": "DEBIAN:DSA-4330-1:C6D67", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00262.html", "title": "[SECURITY] [DSA 4330-1] chromium-browser security update", "type": "debian", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-09-08T13:50:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "This update for Chromium to version 69.0.3497.81 fixes multiple issues.\n\n Security issues fixed (boo#1107235):\n\n - CVE-2018-16065: Out of bounds write in V8\n - CVE-2018-16066:Out of bounds read in Blink\n - CVE-2018-16067: Out of bounds read in WebAudio\n - CVE-2018-16068: Out of bounds write in Mojo\n - CVE-2018-16069:Out of bounds read in SwiftShader\n - CVE-2018-16070: Integer overflow in Skia\n - CVE-2018-16071: Use after free in WebRTC\n - CVE-2018-16073: Site Isolation bypass after tab restore\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n - Out of bounds read in Little-CMS\n - CVE-2018-16075: Local file access in Blink\n - CVE-2018-16076: Out of bounds read in PDFium\n - CVE-2018-16077: Content security policy bypass in Blink\n - CVE-2018-16078: Credit card information leak in Autofill\n - CVE-2018-16079: URL spoof in permission dialogs\n - CVE-2018-16080: URL spoof in full screen mode\n - CVE-2018-16081: Local file access in DevTools\n - CVE-2018-16082: Stack buffer overflow in SwiftShader\n - CVE-2018-16083: Out of bounds read in WebRTC\n - CVE-2018-16084: User confirmation bypass in external protocol handling\n - CVE-2018-16085: Use after free in Memory Instrumentation\n - CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)\n - CVE-2018-16086: Script injection in New Tab Page\n - CVE-2018-16087: Multiple download restriction bypass\n - CVE-2018-16088: User gesture 
requirement bypass\n\n The re2 regular expression library was updated to the current version\n 2018-09-01.\n\n", "edition": 1, "modified": "2018-09-08T12:11:04", "published": "2018-09-08T12:11:04", "id": "OPENSUSE-SU-2018:2659-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00016.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-08T13:50:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "This update for Chromium to version 69.0.3497.81 fixes multiple issues.\n\n Security issues fixed (boo#1107235):\n\n - CVE-2018-16065: Out of bounds write in V8\n - CVE-2018-16066:Out of bounds read in Blink\n - CVE-2018-16067: Out of bounds read in WebAudio\n - CVE-2018-16068: Out of bounds write in Mojo\n - CVE-2018-16069:Out of bounds read in SwiftShader\n - CVE-2018-16070: Integer overflow in Skia\n - CVE-2018-16071: Use after free in WebRTC\n - CVE-2018-16073: Site Isolation bypass after tab restore\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n - Out of bounds read in Little-CMS\n - CVE-2018-16075: Local file access in Blink\n - CVE-2018-16076: Out of bounds read in PDFium\n - CVE-2018-16077: Content security policy bypass in Blink\n - CVE-2018-16078: Credit card information leak in Autofill\n - CVE-2018-16079: URL spoof in permission dialogs\n - CVE-2018-16080: URL spoof in full screen mode\n - CVE-2018-16081: Local file access in DevTools\n - CVE-2018-16082: Stack buffer overflow in SwiftShader\n - 
CVE-2018-16083: Out of bounds read in WebRTC\n - CVE-2018-16084: User confirmation bypass in external protocol handling\n - CVE-2018-16085: Use after free in Memory Instrumentation\n - CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)\n - CVE-2018-16086: Script injection in New Tab Page\n - CVE-2018-16087: Multiple download restriction bypass\n - CVE-2018-16088: User gesture requirement bypass\n\n The re2 regular expression library was updated to the current version\n 2018-09-01.\n\n", "edition": 1, "modified": "2018-09-08T12:13:32", "published": "2018-09-08T12:13:32", "id": "OPENSUSE-SU-2018:2664-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00017.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-09-22T12:05:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16085", "CVE-2018-16082", "CVE-2018-16080", "CVE-2018-16079", "CVE-2018-16075", "CVE-2018-16068", "CVE-2018-16081", "CVE-2018-16086", "CVE-2018-16088", "CVE-2018-16087", "CVE-2018-16067", "CVE-2018-16083", "CVE-2018-16071", "CVE-2018-16077", "CVE-2018-16065", "CVE-2018-16078", "CVE-2018-16073", "CVE-2018-16069", "CVE-2018-16084", "CVE-2018-16066", "CVE-2017-15430", "CVE-2018-16070", "CVE-2018-16076", "CVE-2018-16074"], "description": "This update for Chromium to version 69.0.3497.81 fixes multiple issues.\n\n Security issues fixed (boo#1107235):\n\n - CVE-2018-16065: Out of bounds write in V8\n - CVE-2018-16066:Out of bounds read in Blink\n - CVE-2018-16067: Out of bounds read in WebAudio\n - CVE-2018-16068: Out of bounds write in Mojo\n - CVE-2018-16069:Out of bounds read in SwiftShader\n - CVE-2018-16070: Integer overflow in Skia\n - CVE-2018-16071: Use after free in WebRTC\n - CVE-2018-16073: Site Isolation bypass after tab restore\n - CVE-2018-16074: Site Isolation bypass using Blob URLS\n - Out of bounds read in Little-CMS\n - CVE-2018-16075: Local file access in Blink\n - 
CVE-2018-16076: Out of bounds read in PDFium\n - CVE-2018-16077: Content security policy bypass in Blink\n - CVE-2018-16078: Credit card information leak in Autofill\n - CVE-2018-16079: URL spoof in permission dialogs\n - CVE-2018-16080: URL spoof in full screen mode\n - CVE-2018-16081: Local file access in DevTools\n - CVE-2018-16082: Stack buffer overflow in SwiftShader\n - CVE-2018-16083: Out of bounds read in WebRTC\n - CVE-2018-16084: User confirmation bypass in external protocol handling\n - CVE-2018-16085: Use after free in Memory Instrumentation\n - CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)\n - CVE-2018-16086: Script injection in New Tab Page\n - CVE-2018-16087: Multiple download restriction bypass\n - CVE-2018-16088: User gesture requirement bypass\n\n The re2 regular expression library was updated to the current version\n 2018-09-01.\n\n", "edition": 1, "modified": "2018-09-22T09:28:43", "published": "2018-09-22T09:28:43", "id": "OPENSUSE-SU-2018:2664-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00056.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-24T22:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - 
CVE-2018-17467: URL spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n\n", "edition": 1, "modified": "2018-10-24T21:09:13", "published": "2018-10-24T21:09:13", "id": "OPENSUSE-SU-2018:3396-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00062.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-22T16:31:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - CVE-2018-17467: URL spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in 
Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n\n", "edition": 1, "modified": "2018-10-22T15:16:54", "published": "2018-10-22T15:16:54", "id": "OPENSUSE-SU-2018:3273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-21T03:16:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17478", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "description": "This update contains Chromium 70.0.3538.102 and fixes security issues and\n bugs.\n\n Vulnerabilities fixed in 70.0.3538.102:\n\n - CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)\n\n Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - CVE-2018-17467: URL 
spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n This update contains the following packaging changes:\n\n - VAAPI hardware accelerated rendering is now enabled by default.\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n - noto-emoji-fonts is no longer a recommended dependency\n\n", "edition": 1, "modified": "2018-11-21T00:11:39", "published": "2018-11-21T00:11:39", "id": "OPENSUSE-SU-2018:3835-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00035.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "description": "Arch Linux Security Advisory ASA-201810-12\n==========================================\n\nSeverity: Critical\nDate : 2018-10-17\nCVE-ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464\nCVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468\nCVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473\nCVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : 
https://security.archlinux.org/AVG-781\n\nSummary\n=======\n\nThe package chromium before version 70.0.3538.67-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\nsandbox escape, information disclosure and denial of service.\n\nResolution\n==========\n\nUpgrade to 70.0.3538.67-1.\n\n# pacman -Syu \"chromium>=70.0.3538.67-1\"\n\nThe problems have been fixed upstream in version 70.0.3538.67.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-5179 (denial of service)\n\nA security issue has been found in the ServiceWorker component of the\nchromium browser before 70.0.3538.67, due to a lack of limits on the\nupdate() function.\n\n- CVE-2018-17462 (sandbox escape)\n\nA sandbox escape has been found in the AppCache component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17463 (arbitrary code execution)\n\nA remote code execution issue has been found in the V8 component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17464 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17465 (arbitrary code execution)\n\nA use-after-free issue has been found in the V8 component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17466 (arbitrary code execution)\n\nA memory corruption issue has been found in the Angle component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17467 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17468 (information disclosure)\n\nA cross-origin URL disclosure issue has been found in the Blink\ncomponent of the chromium browser before 70.0.3538.67.\n\n- CVE-2018-17469 (arbitrary code execution)\n\nA heap-based buffer overflow has been found in the PDFium component of\nthe chromium browser before 70.0.3538.67.\n\n- CVE-2018-17470 (arbitrary code execution)\n\nA 
memory corruption issue has been found in the GPU internals component\nof the chromium browser before 70.0.3538.67.\n\n- CVE-2018-17471 (content spoofing)\n\nA security UI occlusion has been found in the full screen mode of\nthe chromium browser before 70.0.3538.67.\n\n- CVE-2018-17473 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17474 (arbitrary code execution)\n\nA use-after-free has been found in the Blink component of the chromium\nbrowser before 70.0.3538.67.\n\n- CVE-2018-17475 (content spoofing)\n\nA URL spoofing issue has been found in the Omnibox component of the\nchromium browser before 70.0.3538.67.\n\n- CVE-2018-17476 (content spoofing)\n\nA security UI occlusion has been found in the full screen mode of\nthe chromium browser before 70.0.3538.67.\n\n- CVE-2018-17477 (content spoofing)\n\nA UI spoofing issue has been found in the Extensions component of the\nchromium browser before 70.0.3538.67.\n\nImpact\n======\n\nA remote attacker can spoof the URL or the security status of a page,\naccess sensitive information, crash the browser or execute arbitrary\ncode on the affected 
host.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=805496\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=888926\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=888923\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=887273\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=870226\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=880906\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=844881\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=876822\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=880675\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=877874\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=873080\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=882078\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=843151\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=852634\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=812769\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=863703\nhttps://security.archlinux.org/CVE-2018-5179\nhttps://security.archlinux.org/CVE-2018-17462\nhttps://security.archlinux.org/CVE-2018-17463\nhttps://security.archlinux.org/CVE-2018-17464\nhttps://security.archlinux.org/CVE-2018-17465\nhttps://security.archlinux.org/CVE-2018-17466\nhttps://security.archlinux.org/CVE-2018-17467\nhttps://security.archlinux.org/CVE-2018-17468\nhttps://security.archlinux.org/CVE-2018-17469\nhttps://security.archlinux.org/CVE-2018-17470\nhttps://security.archlinux.org/CVE-2018-17471\nhttps://security.archlinux.org/CVE-2018-17473\nhttps://security.archlinux.org/CVE-2018-17474\nhttps://security.archlinux.org/CVE-2018-17475\nhttps://security.archlinux.org/CVE-2018-17476\nhttps://security.archlinux.org/CVE-2018-17477", "modified": "2018-10-17T00:00:00", "published": "2018-10-17T00:00:00", "id": "ASA-201810-12", "href": 
"https://security.archlinux.org/ASA-201810-12", "type": "archlinux", "title": "[ASA-201810-12] chromium: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2019-05-30T05:51:13", "bulletinFamily": "info", "cvelist": ["CVE-2018-16065", "CVE-2018-16066", "CVE-2018-16067", "CVE-2018-16068", "CVE-2018-16069", "CVE-2018-16070", "CVE-2018-16071"], "description": "Google has officially lifted the curtain on Chrome 69 for Windows, Mac and Linux this week. The tech giant\u2019s latest browser version comes loaded with new security features and a slew of patches.\n\nOverall, the update included 40 security [fixes](<https://chromium.googlesource.com/chromium/src/+log/68.0.3440.106..69.0.3497.81?pretty=fuller&n=10000>). Several of those were rated \u201chigh,\u201d including five out-of-bounds flaws (CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068 and CVE-2018-16069), an integer-overflow glitch (CVE-2018-16070) and a use-after-free vulnerability (CVE-2018-16071).\n\n\u201cChrome 69.0.3497.81 contains a number of fixes and improvements\u2026The Chrome team is delighted to announce the promotion of Chrome 69 to the stable channel for Windows, Mac and Linux,\u201d Google said in a [post](<https://chromereleases.googleblog.com/search/label/Stable%20updates>) Tuesday about the updates. \u201cThis will roll out over the coming days/weeks.\u201d\n\nAlso notable in Google\u2019s latest Chrome release is the beginning of its [flagging](<https://threatpost.com/google-starts-labeling-all-http-sites-as-not-secure/134363/>) of less-secure HTTP websites. When users visit an HTTP page, it will no longer be labeled as \u201csecure\u201d on the navigation bar. 
And later, starting with Chrome 70, Google plans to take that a step further by actively labeling HTTP sites as \u201cnot secure\u201d on the navigation bar.\n\nThe move comes as Google hopes to prompt a continued shift from HTTP pages to the more secure HTTPS websites, which encrypt traffic flowing to and from a website.\n\nChrome 69 also comes with a revamped password manager. When a user needs to create a new password, the desktop edition of Chrome will generate a unique password and enable that password for login on laptops and phones.\n\nEven beyond Chrome 69, Google has been rolling out a range of security [features](<https://threatpost.com/chrome-now-features-site-isolation-to-defend-against-spectre/133902/>) this summer.\n\nThat includes pushing out new security mitigations for Chrome 67 users to defend against recently discovered Spectre variants. That\u2019s via a fresh security feature called [site isolation](<https://threatpost.com/google-patches-34-browser-bugs-in-chrome-67-adds-spectre-fixes/132370/>), which essentially isolates different browser work processes between various browser tabs.\n\nOverall, the update contains significant changes to the user experience.\n\n\u201cWe launched an ad blocker to keep you safe from malicious and annoying ads, helped move the web to HTTPS to keep you secure online, launched site isolation which provides deeper defense against many types of attacks including Spectre, and brought virtual reality and augmented reality browsing to Chrome,\u201d Chrome product management desktop lead Ellie Powers said in a [post](<https://www.blog.google/products/chrome/chromes-turning-10-heres-whats-new/>) on Tuesday. 
\u201cAnd we\u2019re now rolling out a set of new experiments to improve Chrome\u2019s startup time, latency, usage of memory and usability.\u201d\n", "modified": "2018-09-05T18:34:46", "published": "2018-09-05T18:34:46", "id": "THREATPOST:35F527401E3A9BAB4C09F2A8DA097443", "href": "https://threatpost.com/google-rolls-out-40-fixes-with-chrome-69/137210/", "type": "threatpost", "title": "Google Rolls Out 40 Fixes with Chrome 69", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T05:50:38", "bulletinFamily": "info", "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466"], "description": "Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities.\n\nThe release comes after Google had promised updates in Chrome 70 to \u201cbetter communicate our changes and offer more control over the experience.\u201d\n\nChrome 70 for Windows, Mac and Linux will roll out over the coming days and weeks, Google said in a Tuesday [posting](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>).\n\n## New Privacy Feature\n\nMost notably, Chrome 70 includes a panel enabling users to have more control over how the browser behaves when they log into their Google accounts.\n\nThe pressure is on Google to prioritize privacy policies after the tech giant came under fire for a change in Chrome 69, launched [earlier in September](<https://threatpost.com/google-rolls-out-40-fixes-with-chrome-69/137210/>). 
After that release, an update to the browser\u2019s sign-in mechanism [automatically signed users into Chrome](<https://threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/>) when they signed into any other Google service.\n\nDigs at Google increased when a separate researcher also found that when he deleted the cookies.txt files in Chrome, the browser cleared all cookies \u2013 except for Google cookies.\n\nBut the new control panel means that users have the option to turn off the automatic sign-in, Zach Koch, Chrome product manager, said in a [post](<https://www.blog.google/products/chrome/product-updates-based-your-feedback/>) on the matter.\n\n\u201cWhile we think sign-in consistency will help many of our users, we\u2019re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in\u2014that way users have more control over their experience,\u201d he said. \u201cFor users that disable this feature, signing into a Google website will not sign them into Chrome.\u201d\n\n## Fixed Vulnerabilities\n\nIn addition to new privacy features, Chrome 70 also [packs](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>) 23 security fixes, including both \u201chigh\u201d and \u201cmedium\u201d priority bugs, as well as new security features.\n\nOf note are patches for a high-priority sandbox escape vulnerability (CVE-2018-17462) in AppCache; a high-priority remote code-execution flaw (CVE-2018-17463) in V8; a \u201chigh\u201d priority URL spoof bug (CVE-2018-17464) in Omnibox; and a \u201chigh\u201d memory corruption glitch (CVE-2018-17466) in Angle.\n\nOther bugs include a high-priority use-after-free flaw (CVE-2018-17465) in V8, and a high-priority heap buffer overflow vulnerability in Little CMS in PDFium (no CVE assigned yet).\n\nA full list of the security bugs and fixes is 
[here](<https://chromium.googlesource.com/chromium/src/+log/69.0.3497.100..70.0.3538.67?pretty=fuller&n=10000>).\n\nChrome 70 also features Web Bluetooth (also available in Windows 10), which allows sites to communicate with user-selected Bluetooth devices in a \u201csecure and privacy-preserving\u201d way.\n\nAnd finally, Google released support for public key credentials in Chrome 70, which enables strong authentication to websites with public key cryptography, enabling password-less authentication and/or secure second-factor authentication without SMS texts.\n\n\u201cI\u2019m pretty excited about it because it allows sites to use my fingerprint for two-factor authentication,\u201d Pete LePage, developer advocate, said in a Tuesday [post](<https://developers.google.com/web/updates/2018/10/nic70>). \u201cBut, it also adds support for additional types of security keys and better security on the web.\u201d\n", "modified": "2018-10-17T14:04:48", "published": "2018-10-17T14:04:48", "id": "THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57", "href": "https://threatpost.com/on-heels-of-criticism-newly-released-google-chrome-70-prioritizes-privacy/138368/", "type": "threatpost", "title": "On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T06:52:30", "description": "Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, 
"impactScore": 1.4}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16087", "type": "cve", "cwe": ["CWE-732"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16087"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2018-16087", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16087", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:30", "description": "A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16072", "type": "cve", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16072"], "modified": "2019-10-03T00:03:00", "cpe": [], "id": "CVE-2018-16072", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16072", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:32", "description": "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-11-14T15:29:00", "title": "CVE-2018-17471", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17471"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:debian:debian_linux:9.0"], "id": 
"CVE-2018-17471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17471", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:30", "description": "Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16076", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16076"], "modified": "2019-01-15T12:48:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-16076", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16076", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:32", "description": "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.", "edition": 16, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-14T15:29:00", "title": "CVE-2018-17472", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17472"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-17472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17472", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:30", "description": "An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16082", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16082"], "modified": "2019-01-15T17:58:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-16082", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16082", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": 
["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:30", "description": "A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16080", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16080"], "modified": "2019-01-18T15:21:00", "cpe": [], "id": "CVE-2018-16080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16080", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T06:52:30", "description": "Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a 
crafted HTML page.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16078", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16078"], "modified": "2019-01-29T19:21:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-16078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16078", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:30", "description": "The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.", "edition": 15, "cvss3": {"exploitabilityScore": 2.8, 
"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-01-09T19:29:00", "title": "CVE-2018-16084", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16084"], "modified": "2019-01-29T18:44:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-16084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16084", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:30", "description": "Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "edition": 14, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-06-27T17:15:00", "title": "CVE-2018-16077", "type": "cve", "cwe": ["CWE-285"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16077"], "modified": "2019-07-03T19:55:00", "cpe": [], "id": "CVE-2018-16077", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16077", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "talosblog": [{"lastseen": "2018-10-03T16:22:08", "bulletinFamily": "blog", "cvelist": ["CVE-2018-16076"], "description": "[](<https://2.bp.blogspot.com/-FCZuuOkQcJU/W7TSxxBOUbI/AAAAAAAAAz8/_LMUrwG_OA8RO6saLCcpnXHbDsoKOj4LwCLcBGAs/s1600/image2.png>)\n\n \n_Discovered by Aleksandar Nikolic of Cisco Talos_ \n \n\n\n## Overview\n\n \nCisco Talos is releasing details of a new vulnerability in Google PDFium's JBIG2 library. An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2-parsing code in Google Chrome, version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak. That leak could be used as part of an exploit. An attacker needs to trick the user into visiting a malicious site to trigger the vulnerability. 
\n\nIn accordance with our coordinated disclosure policy, Cisco Talos has worked with Google to ensure that these issues have been resolved and that an [update](<https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html>) has been made available for affected users. It is recommended that this update is applied as quickly as possible to ensure that systems are no longer affected by this vulnerability.\n\n## Vulnerability Details\n\n### Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability (TALOS-2018-0639 / CVE-2018-16076)\n\nPDFium is an open-source PDF renderer developed by Google and used extensively in the Chrome browser, as well as other online services and standalone applications. This bug was fixed in the latest Git version, as well as the latest Chromium address sanitizer build available.\n\nA heap buffer overflow is present in the code responsible for decoding a JBIG2 image stream. An attacker needs to provide a specific PDF that describes the JBIG2 image details in order to exploit this vulnerability. Detailed vulnerability information can be found [here](<https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0639>).\n\n### Known vulnerable versions\n\nGoogle Chrome version 67.0.3396.99\n\n### Coverage\n\nThe following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. 
\n \nSnort Rules: [47340 - 47341](<https://snort.org/advisories/585>) \n \n", "modified": "2018-10-03T14:38:17", "published": "2018-10-03T07:38:00", "id": "TALOSBLOG:422DFC1EDEFA7E1E3C3C82D3AD7BD414", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/sgllF6hYC4A/google-pdfium-vuln.html", "type": "talosblog", "title": "Vulnerability Spotlight: Google PDFium JBIG2 Image ComposeToOpt2WithRect Information Disclosure Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2018-10-07T14:34:27", "description": "WebRTC - FEC Out-of-Bounds Read. CVE-2018-16083. Dos exploit for Multiple platform. Tags: Out Of Bounds", "published": "2018-09-21T00:00:00", "type": "exploitdb", "title": "WebRTC - FEC Out-of-Bounds Read", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-16083"], "modified": "2018-09-21T00:00:00", "id": "EDB-ID:45444", "href": "https://www.exploit-db.com/exploits/45444/", "sourceData": "There is an out-of-bounds read in FEC processing in WebRTC. 
If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.\r\n\r\nThis bug causes the following ASAN crash:\r\n\r\n==109993==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b003b7ff70 at pc 0x55e01a250cd1 bp 0x7fa3af7abc40 sp 0x7fa3af7abc38\r\nREAD of size 1 at 0x61b003b7ff70 thread T15 (Chrome_libJingl)\r\n #0 0x55e01a250cd0 in XorPayloads third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:615:34\r\n #1 0x55e01a250cd0 in webrtc::ForwardErrorCorrection::RecoverPacket(webrtc::ForwardErrorCorrection::ReceivedFecPacket const&, webrtc::ForwardErrorCorrection::RecoveredPacket*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:630\r\n #2 0x55e01a251162 in webrtc::ForwardErrorCorrection::AttemptRecovery(std::__1::list<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> >, std::__1::allocator<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> > > >*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:652:12\r\n #3 0x55e01a251b12 in webrtc::ForwardErrorCorrection::DecodeFec(webrtc::ForwardErrorCorrection::ReceivedPacket const&, std::__1::list<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> >, std::__1::allocator<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> > > >*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:739:3\r\n #4 0x55e01a4c5595 in webrtc::UlpfecReceiverImpl::ProcessReceivedFec() third_party/webrtc/modules/rtp_rtcp/source/ulpfec_receiver_impl.cc:248:11\r\n #5 0x55e01a4a1bb9 in 
webrtc::RtpVideoStreamReceiver::ParseAndHandleEncapsulatingHeader(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:419:23\r\n #6 0x55e01a49f05b in webrtc::RtpVideoStreamReceiver::ReceivePacket(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:390:5\r\n #7 0x55e01a49fcf2 in webrtc::RtpVideoStreamReceiver::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:290:3\r\n #8 0x55e009a368a1 in webrtc::RtpDemuxer::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_demuxer.cc:157:11\r\n #9 0x55e009a3b6e1 in webrtc::RtpStreamReceiverController::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_stream_receiver_controller.cc:55:19\r\n #10 0x55e01a231339 in webrtc::internal::Call::DeliverRtp(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1321:36\r\n #11 0x55e01a232300 in webrtc::internal::Call::DeliverPacket(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1361:10\r\n #12 0x55e01a95d341 in cricket::WebRtcVideoChannel::OnPacketReceived(rtc::CopyOnWriteBuffer*, rtc::PacketTime const&) third_party/webrtc/media/engine/webrtcvideoengine.cc:1441:26\r\n #13 0x55e01a1d8dc2 in cricket::BaseChannel::ProcessPacket(bool, rtc::CopyOnWriteBuffer const&, rtc::PacketTime const&) third_party/webrtc/pc/channel.cc\r\n #14 0x55e01a1f6760 in rtc::AsyncInvoker::OnMessage(rtc::Message*) third_party/webrtc/rtc_base/asyncinvoker.cc:45:22\r\n #15 0x55e01a0a6aa1 in jingle_glue::JingleThreadWrapper::Dispatch(rtc::Message*) jingle/glue/thread_wrapper.cc:157:22\r\n #16 0x55e01a0a7d7e in jingle_glue::JingleThreadWrapper::RunTask(int) jingle/glue/thread_wrapper.cc:279:7\r\n #17 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #18 0x55e00d52b6f5 in 
base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #19 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #20 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #21 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #22 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31\r\n #23 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #24 0x55e00d6878b4 in base::Thread::ThreadMain() base/threading/thread.cc:337:3\r\n #25 0x55e00d73c694 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13\r\n #26 0x7fa3d586f493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)\r\n\r\n0x61b003b7ff70 is located 0 bytes to the right of 1520-byte region [0x61b003b7f980,0x61b003b7ff70)\r\nallocated by thread T15 (Chrome_libJingl) here:\r\n #0 0x55e00607ef92 in operator new(unsigned long) /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_new_delete.cc:93:3\r\n #1 0x55e01a4c3eeb in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket(webrtc::RTPHeader const&, unsigned char const*, unsigned long, unsigned char) third_party/webrtc/modules/rtp_rtcp/source/ulpfec_receiver_impl.cc:101:26\r\n #2 0x55e01a4a1b6f in webrtc::RtpVideoStreamReceiver::ParseAndHandleEncapsulatingHeader(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:414:27\r\n #3 0x55e01a49f05b in webrtc::RtpVideoStreamReceiver::ReceivePacket(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:390:5\r\n #4 0x55e01a49fcf2 in webrtc::RtpVideoStreamReceiver::OnRtpPacket(webrtc::RtpPacketReceived const&) 
third_party/webrtc/video/rtp_video_stream_receiver.cc:290:3\r\n #5 0x55e009a368a1 in webrtc::RtpDemuxer::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_demuxer.cc:157:11\r\n #6 0x55e009a3b6e1 in webrtc::RtpStreamReceiverController::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_stream_receiver_controller.cc:55:19\r\n #7 0x55e01a231339 in webrtc::internal::Call::DeliverRtp(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1321:36\r\n #8 0x55e01a232300 in webrtc::internal::Call::DeliverPacket(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1361:10\r\n #9 0x55e01a95d341 in cricket::WebRtcVideoChannel::OnPacketReceived(rtc::CopyOnWriteBuffer*, rtc::PacketTime const&) third_party/webrtc/media/engine/webrtcvideoengine.cc:1441:26\r\n #10 0x55e01a1d8dc2 in cricket::BaseChannel::ProcessPacket(bool, rtc::CopyOnWriteBuffer const&, rtc::PacketTime const&) third_party/webrtc/pc/channel.cc\r\n #11 0x55e01a1f6760 in rtc::AsyncInvoker::OnMessage(rtc::Message*) third_party/webrtc/rtc_base/asyncinvoker.cc:45:22\r\n #12 0x55e01a0a6aa1 in jingle_glue::JingleThreadWrapper::Dispatch(rtc::Message*) jingle/glue/thread_wrapper.cc:157:22\r\n #13 0x55e01a0a7d7e in jingle_glue::JingleThreadWrapper::RunTask(int) jingle/glue/thread_wrapper.cc:279:7\r\n #14 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #15 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #16 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #17 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #18 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #19 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) 
base/message_loop/message_pump_default.cc:37:31\r\n #20 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #21 0x55e00d6878b4 in base::Thread::ThreadMain() base/threading/thread.cc:337:3\r\n #22 0x55e00d73c694 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13\r\n #23 0x7fa3d586f493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)\r\n\r\nThread T15 (Chrome_libJingl) created by T0 (chrome) here:\r\n #0 0x55e00603bb7d in __interceptor_pthread_create /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_interceptors.cc:210:3\r\n #1 0x55e00d73b99e in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:115:13\r\n #2 0x55e00d686be9 in base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:112:15\r\n #3 0x55e00d68684b in base::Thread::Start() base/threading/thread.cc:75:10\r\n #4 0x55e01a09ba37 in content::PeerConnectionDependencyFactory::CreatePeerConnectionFactory() content/renderer/media/webrtc/peer_connection_dependency_factory.cc:177:3\r\n #5 0x55e01a09b4d0 in content::PeerConnectionDependencyFactory::GetPcFactory() content/renderer/media/webrtc/peer_connection_dependency_factory.cc:139:5\r\n #6 0x55e01a09df09 in content::PeerConnectionDependencyFactory::CreatePeerConnection(webrtc::PeerConnectionInterface::RTCConfiguration const&, blink::WebLocalFrame*, webrtc::PeerConnectionObserver*) content/renderer/media/webrtc/peer_connection_dependency_factory.cc:340:8\r\n #7 0x55e01aa63b1b in content::RTCPeerConnectionHandler::Initialize(blink::WebRTCConfiguration const&, blink::WebMediaConstraints const&) content/renderer/media/webrtc/rtc_peer_connection_handler.cc:1333:50\r\n #8 0x55e01baafde2 in blink::RTCPeerConnection::RTCPeerConnection(blink::ExecutionContext*, blink::WebRTCConfiguration const&, 
blink::WebMediaConstraints, blink::ExceptionState&) third_party/blink/renderer/modules/peerconnection/rtc_peer_connection.cc:585:23\r\n #9 0x55e01baaaedc in blink::RTCPeerConnection::Create(blink::ExecutionContext*, blink::RTCConfiguration const&, blink::Dictionary const&, blink::ExceptionState&) third_party/blink/renderer/modules/peerconnection/rtc_peer_connection.cc:518:44\r\n #10 0x55e01bb1ad0b in constructor gen/third_party/blink/renderer/bindings/modules/v8/v8_rtc_peer_connection.cc:1317:29\r\n #11 0x55e01bb1ad0b in blink::V8RTCPeerConnection::constructorCallback(v8::FunctionCallbackInfo<v8::Value> const&) gen/third_party/blink/renderer/bindings/modules/v8/v8_rtc_peer_connection.cc:1667\r\n #12 0x55e00ab4db49 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo*) v8/src/api-arguments-inl.h:94:3\r\n #13 0x55e00ab4a4c4 in v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<true>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) v8/src/builtins/builtins-api.cc:109:36\r\n #14 0x55e00ab48eb3 in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) v8/src/builtins/builtins-api.cc:135:5\r\n #15 0x55e00c2fce0d (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xde74e0d)\r\n #16 0x55e00c263d3f (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddbd3f)\r\n #17 0x7e9c7b70dd69 (<unknown module>)\r\n #18 0x7e9c7b68868f (<unknown module>)\r\n #19 0x55e00c2618a5 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xddd98a5)\r\n #20 0x55e00c263c60 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddbc60)\r\n #21 0x7e9c7b70dd69 (<unknown module>)\r\n #22 0x7e9c7b68868f (<unknown module>)\r\n #23 
0x7e9c7b68868f (<unknown module>)\r\n #24 0x7e9c7b68868f (<unknown module>)\r\n #25 0x55e00c2618a5 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xddd98a5)\r\n #26 0x55e00c265722 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddd722)\r\n #27 0x7e9c7b684820 (<unknown module>)\r\n #28 0x55e00b3b4130 in Call v8/src/simulator.h:113:12\r\n #29 0x55e00b3b4130 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling, v8::internal::Execution::Target) v8/src/execution.cc:155\r\n #30 0x55e00b3b3993 in CallInternal v8/src/execution.cc:191:10\r\n #31 0x55e00b3b3993 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) v8/src/execution.cc:202\r\n #32 0x55e00aa107b4 in v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) v8/src/api.cc:5218:7\r\n #33 0x55e015fe0a61 in blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*) third_party/blink/renderer/bindings/core/v8/v8_script_runner.cc:386:17\r\n #34 0x55e016028398 in blink::V8EventListener::CallListenerFunction(blink::ScriptState*, v8::Local<v8::Value>, blink::Event*) third_party/blink/renderer/bindings/core/v8/v8_event_listener.cc:115:8\r\n #35 0x55e016029a54 in blink::V8AbstractEventListener::InvokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local<v8::Value>) third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:171:20\r\n #36 0x55e01602942b in blink::V8AbstractEventListener::HandleEvent(blink::ScriptState*, blink::Event*) 
third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:120:3\r\n #37 0x55e016029103 in blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:108:3\r\n #38 0x55e017446ebe in blink::EventTarget::FireEventListeners(blink::Event*, blink::EventTargetData*, blink::HeapVector<blink::RegisteredEventListener, 1ul>&) third_party/blink/renderer/core/dom/events/event_target.cc:804:15\r\n #39 0x55e017445121 in blink::EventTarget::FireEventListeners(blink::Event*) third_party/blink/renderer/core/dom/events/event_target.cc:656:29\r\n #40 0x55e017444d5b in blink::EventTarget::DispatchEventInternal(blink::Event*) third_party/blink/renderer/core/dom/events/event_target.cc:560:41\r\n #41 0x55e017a0de87 in Create third_party/blink/renderer/core/events/progress_event.h:44:16\r\n #42 0x55e017a0de87 in blink::FileReader::FireEvent(WTF::AtomicString const&) third_party/blink/renderer/core/fileapi/file_reader.cc:471\r\n #43 0x55e017a0e6d4 in blink::FileReader::DidFinishLoading() third_party/blink/renderer/core/fileapi/file_reader.cc:427:3\r\n #44 0x55e00a9494ef in blink::mojom::blink::BlobReaderClientStubDispatch::Accept(blink::mojom::blink::BlobReaderClient*, mojo::Message*) gen/third_party/blink/public/mojom/blob/blob.mojom-blink.cc:168:13\r\n #45 0x55e00ea14f7e in mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:419:32\r\n #46 0x55e00ea258b3 in mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) mojo/public/cpp/bindings/lib/multiplex_router.cc:865:42\r\n #47 0x55e00ea2409e in mojo::internal::MultiplexRouter::Accept(mojo::Message*) mojo/public/cpp/bindings/lib/multiplex_router.cc:589:38\r\n #48 0x55e00ea0efa7 in mojo::Connector::ReadSingleMessage(unsigned 
int*) mojo/public/cpp/bindings/lib/connector.cc:443:51\r\n #49 0x55e00ea1081c in mojo::Connector::ReadAllAvailableMessages() mojo/public/cpp/bindings/lib/connector.cc:472:10\r\n #50 0x55e00ea00642 in Run base/callback.h:125:12\r\n #51 0x55e00ea00642 in mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) mojo/public/cpp/system/simple_watcher.cc:274\r\n #52 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #53 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #54 0x55e00c4afc95 in base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) third_party/blink/renderer/platform/scheduler/base/thread_controller_impl.cc:166:21\r\n #55 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #56 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #57 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #58 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #59 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #60 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31\r\n #61 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #62 0x55e01bfb0599 in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:218:23\r\n #63 0x55e00cafbca5 in content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:567:14\r\n #64 0x55e00caff751 in content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:969:10\r\n #65 0x55e00cb1e6c3 in service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:459:29\r\n #66 0x55e00cafa2d0 
in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10\r\n #67 0x55e006081fe3 in ChromeMain chrome/app/chrome_main.cc:101:12\r\n #68 0x7fa3ceac32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:615:34 in XorPayloads\r\nShadow bytes around the buggy address:\r\n 0x0c3680767f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c3680767fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c3680767fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c3680767fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x0c3680767fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n=>0x0c3680767fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa\r\n 0x0c3680767ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c3680768000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c3680768010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x0c3680768020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x0c3680768030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n Shadow gap: cc\r\n==109993==ABORTING\r\n\r\nTo reproduce this issue:\r\n\r\n1) Apply new.patch to a fresh WebRTC tree\r\n2) Build video_replay\r\n3) Download the attached files and run ./video_replay --input_file fec\r\n\r\n\r\nProof of 
Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45444.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/45444/"}], "zdt": [{"lastseen": "2018-09-22T13:48:28", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2018-09-22T00:00:00", "title": "WebRTC - FEC Out-of-Bounds Read Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-16083"], "modified": "2018-09-22T00:00:00", "id": "1337DAY-ID-31144", "href": "https://0day.today/exploit/description/31144", "sourceData": "There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.\r\n \r\nThis bug causes the following ASAN crash:\r\n \r\n==109993==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b003b7ff70 at pc 0x55e01a250cd1 bp 0x7fa3af7abc40 sp 0x7fa3af7abc38\r\nREAD of size 1 at 0x61b003b7ff70 thread T15 (Chrome_libJingl)\r\n #0 0x55e01a250cd0 in XorPayloads third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:615:34\r\n #1 0x55e01a250cd0 in webrtc::ForwardErrorCorrection::RecoverPacket(webrtc::ForwardErrorCorrection::ReceivedFecPacket const&, webrtc::ForwardErrorCorrection::RecoveredPacket*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:630\r\n #2 0x55e01a251162 in webrtc::ForwardErrorCorrection::AttemptRecovery(std::__1::list<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> >, std::__1::allocator<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> > > >*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:652:12\r\n #3 0x55e01a251b12 in 
webrtc::ForwardErrorCorrection::DecodeFec(webrtc::ForwardErrorCorrection::ReceivedPacket const&, std::__1::list<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> >, std::__1::allocator<std::__1::unique_ptr<webrtc::ForwardErrorCorrection::RecoveredPacket, std::__1::default_delete<webrtc::ForwardErrorCorrection::RecoveredPacket> > > >*) third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:739:3\r\n #4 0x55e01a4c5595 in webrtc::UlpfecReceiverImpl::ProcessReceivedFec() third_party/webrtc/modules/rtp_rtcp/source/ulpfec_receiver_impl.cc:248:11\r\n #5 0x55e01a4a1bb9 in webrtc::RtpVideoStreamReceiver::ParseAndHandleEncapsulatingHeader(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:419:23\r\n #6 0x55e01a49f05b in webrtc::RtpVideoStreamReceiver::ReceivePacket(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:390:5\r\n #7 0x55e01a49fcf2 in webrtc::RtpVideoStreamReceiver::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:290:3\r\n #8 0x55e009a368a1 in webrtc::RtpDemuxer::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_demuxer.cc:157:11\r\n #9 0x55e009a3b6e1 in webrtc::RtpStreamReceiverController::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_stream_receiver_controller.cc:55:19\r\n #10 0x55e01a231339 in webrtc::internal::Call::DeliverRtp(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1321:36\r\n #11 0x55e01a232300 in webrtc::internal::Call::DeliverPacket(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1361:10\r\n #12 0x55e01a95d341 in cricket::WebRtcVideoChannel::OnPacketReceived(rtc::CopyOnWriteBuffer*, rtc::PacketTime 
const&) third_party/webrtc/media/engine/webrtcvideoengine.cc:1441:26\r\n #13 0x55e01a1d8dc2 in cricket::BaseChannel::ProcessPacket(bool, rtc::CopyOnWriteBuffer const&, rtc::PacketTime const&) third_party/webrtc/pc/channel.cc\r\n #14 0x55e01a1f6760 in rtc::AsyncInvoker::OnMessage(rtc::Message*) third_party/webrtc/rtc_base/asyncinvoker.cc:45:22\r\n #15 0x55e01a0a6aa1 in jingle_glue::JingleThreadWrapper::Dispatch(rtc::Message*) jingle/glue/thread_wrapper.cc:157:22\r\n #16 0x55e01a0a7d7e in jingle_glue::JingleThreadWrapper::RunTask(int) jingle/glue/thread_wrapper.cc:279:7\r\n #17 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #18 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #19 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #20 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #21 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #22 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31\r\n #23 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #24 0x55e00d6878b4 in base::Thread::ThreadMain() base/threading/thread.cc:337:3\r\n #25 0x55e00d73c694 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13\r\n #26 0x7fa3d586f493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)\r\n \r\n0x61b003b7ff70 is located 0 bytes to the right of 1520-byte region [0x61b003b7f980,0x61b003b7ff70)\r\nallocated by thread T15 (Chrome_libJingl) here:\r\n #0 0x55e00607ef92 in operator new(unsigned long) /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_new_delete.cc:93:3\r\n #1 0x55e01a4c3eeb in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket(webrtc::RTPHeader const&, unsigned char const*, unsigned long, 
unsigned char) third_party/webrtc/modules/rtp_rtcp/source/ulpfec_receiver_impl.cc:101:26\r\n #2 0x55e01a4a1b6f in webrtc::RtpVideoStreamReceiver::ParseAndHandleEncapsulatingHeader(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:414:27\r\n #3 0x55e01a49f05b in webrtc::RtpVideoStreamReceiver::ReceivePacket(unsigned char const*, unsigned long, webrtc::RTPHeader const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:390:5\r\n #4 0x55e01a49fcf2 in webrtc::RtpVideoStreamReceiver::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/video/rtp_video_stream_receiver.cc:290:3\r\n #5 0x55e009a368a1 in webrtc::RtpDemuxer::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_demuxer.cc:157:11\r\n #6 0x55e009a3b6e1 in webrtc::RtpStreamReceiverController::OnRtpPacket(webrtc::RtpPacketReceived const&) third_party/webrtc/call/rtp_stream_receiver_controller.cc:55:19\r\n #7 0x55e01a231339 in webrtc::internal::Call::DeliverRtp(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1321:36\r\n #8 0x55e01a232300 in webrtc::internal::Call::DeliverPacket(webrtc::MediaType, rtc::CopyOnWriteBuffer, webrtc::PacketTime const&) third_party/webrtc/call/call.cc:1361:10\r\n #9 0x55e01a95d341 in cricket::WebRtcVideoChannel::OnPacketReceived(rtc::CopyOnWriteBuffer*, rtc::PacketTime const&) third_party/webrtc/media/engine/webrtcvideoengine.cc:1441:26\r\n #10 0x55e01a1d8dc2 in cricket::BaseChannel::ProcessPacket(bool, rtc::CopyOnWriteBuffer const&, rtc::PacketTime const&) third_party/webrtc/pc/channel.cc\r\n #11 0x55e01a1f6760 in rtc::AsyncInvoker::OnMessage(rtc::Message*) third_party/webrtc/rtc_base/asyncinvoker.cc:45:22\r\n #12 0x55e01a0a6aa1 in jingle_glue::JingleThreadWrapper::Dispatch(rtc::Message*) jingle/glue/thread_wrapper.cc:157:22\r\n #13 0x55e01a0a7d7e in jingle_glue::JingleThreadWrapper::RunTask(int) 
jingle/glue/thread_wrapper.cc:279:7\r\n #14 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #15 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #16 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #17 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #18 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #19 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) base/message_loop/message_pump_default.cc:37:31\r\n #20 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #21 0x55e00d6878b4 in base::Thread::ThreadMain() base/threading/thread.cc:337:3\r\n #22 0x55e00d73c694 in base::(anonymous namespace)::ThreadFunc(void*) base/threading/platform_thread_posix.cc:76:13\r\n #23 0x7fa3d586f493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)\r\n \r\nThread T15 (Chrome_libJingl) created by T0 (chrome) here:\r\n #0 0x55e00603bb7d in __interceptor_pthread_create /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/asan/asan_interceptors.cc:210:3\r\n #1 0x55e00d73b99e in base::(anonymous namespace)::CreateThread(unsigned long, bool, base::PlatformThread::Delegate*, base::PlatformThreadHandle*, base::ThreadPriority) base/threading/platform_thread_posix.cc:115:13\r\n #2 0x55e00d686be9 in base::Thread::StartWithOptions(base::Thread::Options const&) base/threading/thread.cc:112:15\r\n #3 0x55e00d68684b in base::Thread::Start() base/threading/thread.cc:75:10\r\n #4 0x55e01a09ba37 in content::PeerConnectionDependencyFactory::CreatePeerConnectionFactory() content/renderer/media/webrtc/peer_connection_dependency_factory.cc:177:3\r\n #5 0x55e01a09b4d0 in content::PeerConnectionDependencyFactory::GetPcFactory() content/renderer/media/webrtc/peer_connection_dependency_factory.cc:139:5\r\n #6 0x55e01a09df09 in 
content::PeerConnectionDependencyFactory::CreatePeerConnection(webrtc::PeerConnectionInterface::RTCConfiguration const&, blink::WebLocalFrame*, webrtc::PeerConnectionObserver*) content/renderer/media/webrtc/peer_connection_dependency_factory.cc:340:8\r\n #7 0x55e01aa63b1b in content::RTCPeerConnectionHandler::Initialize(blink::WebRTCConfiguration const&, blink::WebMediaConstraints const&) content/renderer/media/webrtc/rtc_peer_connection_handler.cc:1333:50\r\n #8 0x55e01baafde2 in blink::RTCPeerConnection::RTCPeerConnection(blink::ExecutionContext*, blink::WebRTCConfiguration const&, blink::WebMediaConstraints, blink::ExceptionState&) third_party/blink/renderer/modules/peerconnection/rtc_peer_connection.cc:585:23\r\n #9 0x55e01baaaedc in blink::RTCPeerConnection::Create(blink::ExecutionContext*, blink::RTCConfiguration const&, blink::Dictionary const&, blink::ExceptionState&) third_party/blink/renderer/modules/peerconnection/rtc_peer_connection.cc:518:44\r\n #10 0x55e01bb1ad0b in constructor gen/third_party/blink/renderer/bindings/modules/v8/v8_rtc_peer_connection.cc:1317:29\r\n #11 0x55e01bb1ad0b in blink::V8RTCPeerConnection::constructorCallback(v8::FunctionCallbackInfo<v8::Value> const&) gen/third_party/blink/renderer/bindings/modules/v8/v8_rtc_peer_connection.cc:1667\r\n #12 0x55e00ab4db49 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo*) v8/src/api-arguments-inl.h:94:3\r\n #13 0x55e00ab4a4c4 in v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<true>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) v8/src/builtins/builtins-api.cc:109:36\r\n #14 0x55e00ab48eb3 in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) 
v8/src/builtins/builtins-api.cc:135:5\r\n #15 0x55e00c2fce0d (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xde74e0d)\r\n #16 0x55e00c263d3f (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddbd3f)\r\n #17 0x7e9c7b70dd69 (<unknown module>)\r\n #18 0x7e9c7b68868f (<unknown module>)\r\n #19 0x55e00c2618a5 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xddd98a5)\r\n #20 0x55e00c263c60 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddbc60)\r\n #21 0x7e9c7b70dd69 (<unknown module>)\r\n #22 0x7e9c7b68868f (<unknown module>)\r\n #23 0x7e9c7b68868f (<unknown module>)\r\n #24 0x7e9c7b68868f (<unknown module>)\r\n #25 0x55e00c2618a5 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xddd98a5)\r\n #26 0x55e00c265722 (/usr/local/google/home/natashenka/chromium3/src/out/asan/chrome+0xdddd722)\r\n #27 0x7e9c7b684820 (<unknown module>)\r\n #28 0x55e00b3b4130 in Call v8/src/simulator.h:113:12\r\n #29 0x55e00b3b4130 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling, v8::internal::Execution::Target) v8/src/execution.cc:155\r\n #30 0x55e00b3b3993 in CallInternal v8/src/execution.cc:191:10\r\n #31 0x55e00b3b3993 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) v8/src/execution.cc:202\r\n #32 0x55e00aa107b4 in v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) v8/src/api.cc:5218:7\r\n #33 0x55e015fe0a61 in blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*) 
third_party/blink/renderer/bindings/core/v8/v8_script_runner.cc:386:17\r\n #34 0x55e016028398 in blink::V8EventListener::CallListenerFunction(blink::ScriptState*, v8::Local<v8::Value>, blink::Event*) third_party/blink/renderer/bindings/core/v8/v8_event_listener.cc:115:8\r\n #35 0x55e016029a54 in blink::V8AbstractEventListener::InvokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local<v8::Value>) third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:171:20\r\n #36 0x55e01602942b in blink::V8AbstractEventListener::HandleEvent(blink::ScriptState*, blink::Event*) third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:120:3\r\n #37 0x55e016029103 in blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*) third_party/blink/renderer/bindings/core/v8/v8_abstract_event_listener.cc:108:3\r\n #38 0x55e017446ebe in blink::EventTarget::FireEventListeners(blink::Event*, blink::EventTargetData*, blink::HeapVector<blink::RegisteredEventListener, 1ul>&) third_party/blink/renderer/core/dom/events/event_target.cc:804:15\r\n #39 0x55e017445121 in blink::EventTarget::FireEventListeners(blink::Event*) third_party/blink/renderer/core/dom/events/event_target.cc:656:29\r\n #40 0x55e017444d5b in blink::EventTarget::DispatchEventInternal(blink::Event*) third_party/blink/renderer/core/dom/events/event_target.cc:560:41\r\n #41 0x55e017a0de87 in Create third_party/blink/renderer/core/events/progress_event.h:44:16\r\n #42 0x55e017a0de87 in blink::FileReader::FireEvent(WTF::AtomicString const&) third_party/blink/renderer/core/fileapi/file_reader.cc:471\r\n #43 0x55e017a0e6d4 in blink::FileReader::DidFinishLoading() third_party/blink/renderer/core/fileapi/file_reader.cc:427:3\r\n #44 0x55e00a9494ef in blink::mojom::blink::BlobReaderClientStubDispatch::Accept(blink::mojom::blink::BlobReaderClient*, mojo::Message*) gen/third_party/blink/public/mojom/blob/blob.mojom-blink.cc:168:13\r\n #45 0x55e00ea14f7e in 
mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:419:32\r\n #46 0x55e00ea258b3 in mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) mojo/public/cpp/bindings/lib/multiplex_router.cc:865:42\r\n #47 0x55e00ea2409e in mojo::internal::MultiplexRouter::Accept(mojo::Message*) mojo/public/cpp/bindings/lib/multiplex_router.cc:589:38\r\n #48 0x55e00ea0efa7 in mojo::Connector::ReadSingleMessage(unsigned int*) mojo/public/cpp/bindings/lib/connector.cc:443:51\r\n #49 0x55e00ea1081c in mojo::Connector::ReadAllAvailableMessages() mojo/public/cpp/bindings/lib/connector.cc:472:10\r\n #50 0x55e00ea00642 in Run base/callback.h:125:12\r\n #51 0x55e00ea00642 in mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) mojo/public/cpp/system/simple_watcher.cc:274\r\n #52 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #53 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #54 0x55e00c4afc95 in base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) third_party/blink/renderer/platform/scheduler/base/thread_controller_impl.cc:166:21\r\n #55 0x55e00d52b6f5 in Run base/callback.h:96:12\r\n #56 0x55e00d52b6f5 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) base/debug/task_annotator.cc:101\r\n #57 0x55e00d5881d5 in base::MessageLoop::RunTask(base::PendingTask*) base/message_loop/message_loop.cc:319:25\r\n #58 0x55e00d589444 in DeferOrRunPendingTask base/message_loop/message_loop.cc:329:5\r\n #59 0x55e00d589444 in base::MessageLoop::DoWork() base/message_loop/message_loop.cc:373\r\n #60 0x55e00d591acf in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) 
base/message_loop/message_pump_default.cc:37:31\r\n #61 0x55e00d600551 in base::RunLoop::Run() base/run_loop.cc:102:14\r\n #62 0x55e01bfb0599 in content::RendererMain(content::MainFunctionParams const&) content/renderer/renderer_main.cc:218:23\r\n #63 0x55e00cafbca5 in content::RunZygote(content::ContentMainDelegate*) content/app/content_main_runner_impl.cc:567:14\r\n #64 0x55e00caff751 in content::ContentMainRunnerImpl::Run() content/app/content_main_runner_impl.cc:969:10\r\n #65 0x55e00cb1e6c3 in service_manager::Main(service_manager::MainParams const&) services/service_manager/embedder/main.cc:459:29\r\n #66 0x55e00cafa2d0 in content::ContentMain(content::ContentMainParams const&) content/app/content_main.cc:19:10\r\n #67 0x55e006081fe3 in ChromeMain chrome/app/chrome_main.cc:101:12\r\n #68 0x7fa3ceac32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)\r\n \r\nSUMMARY: AddressSanitizer: heap-buffer-overflow third_party/webrtc/modules/rtp_rtcp/source/forward_error_correction.cc:615:34 in XorPayloads\r\nShadow bytes around the buggy address:\r\n==109993==ABORTING\r\n \r\nTo reproduce this issue:\r\n \r\n1) Apply new.patch to a fresh WebRTC tree\r\n2) Build video_replay\r\n3) Download the attached files and run ./video_replay --input_file fec\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/45444.zip\n\n# 0day.today [2018-09-22] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/31144"}]}