ID: UBUNTU_USN-3058-1.NASL
Type: nessus
Reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-02T00:00:00
Description

An issue was discovered in Blink involving the provisional URL for an
initially empty document. An attacker could potentially exploit this
to spoof the currently displayed URL. (CVE-2016-5141)

A use-after-free was discovered in the WebCrypto implementation in
Blink. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5142)

It was discovered that the devtools subsystem in Blink mishandles
various parameters. An attacker could exploit this to bypass intended
access restrictions. (CVE-2016-5143, CVE-2016-5144)

It was discovered that Blink does not ensure that a taint property is
preserved after a structure-clone operation on an ImageBitmap object
derived from a cross-origin image. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to bypass same origin restrictions. (CVE-2016-5145)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5146, CVE-2016-5167)

It was discovered that Blink mishandles deferred page loads. If a user
were tricked into opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5147)

An issue was discovered in Blink related to widget updates. If a user
were tricked into opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5148)

A use-after-free was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5150)

A use-after-free was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5153)

It was discovered that Chromium does not correctly validate access to
the initial document. An attacker could potentially exploit this to
spoof the currently displayed URL. (CVE-2016-5155)

A use-after-free was discovered in the event bindings in Blink. If a
user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5156)

A type confusion bug was discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5161)

An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5164)

An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5165)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3058-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93509);
  script_version("2.8");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2016-5141", "CVE-2016-5142", "CVE-2016-5143", "CVE-2016-5144", "CVE-2016-5145", "CVE-2016-5146", "CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5150", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5161", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5167");
  script_xref(name:"USN", value:"3058-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3058-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An issue was discovered in Blink involving the provisional URL for an
initially empty document. An attacker could potentially exploit this
to spoof the currently displayed URL. (CVE-2016-5141)
A use-after-free was discovered in the WebCrypto implementation in
Blink. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5142)
It was discovered that the devtools subsystem in Blink mishandles
various parameters. An attacker could exploit this to bypass intended
access restrictions. (CVE-2016-5143, CVE-2016-5144)
It was discovered that Blink does not ensure that a taint property is
preserved after a structure-clone operation on an ImageBitmap object
derived from a cross-origin image. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to bypass same origin restrictions. (CVE-2016-5145)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-5146, CVE-2016-5167)
It was discovered that Blink mishandles deferred page loads. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5147)
An issue was discovered in Blink related to widget updates. If a user
were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5148)
A use-after-free was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5150)
A use-after-free was discovered in Blink. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5153)
It was discovered that Chromium does not correctly validate access to
the initial document. An attacker could potentially exploit this to
spoof the currently displayed URL. (CVE-2016-5155)
A use-after-free was discovered in the event bindings in Blink. If a
user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5156)
A type confusion bug was discovered in Blink. If a user were tricked
in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5161)
An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5164)
An issue was discovered with the devtools implementation. An attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2016-5165).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3058-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected liboxideqtcore0 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# This is a local (credentialed) check: it reads the knowledge base
# entries collected over SSH rather than probing the host remotely.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Ubuntu 14.04 and 16.04 are covered by this plugin.
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04", "Ubuntu " + release);

# The dpkg package list must have been collected for the version comparison.
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

# The check is only implemented for x86_64 and i386-i686 hosts.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

# Compare the installed liboxideqtcore0 against the fixed version for each release.
if (ubuntu_check(osver:"14.04", pkgname:"liboxideqtcore0", pkgver:"1.17.7-0ubuntu0.14.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"liboxideqtcore0", pkgver:"1.17.7-0ubuntu0.16.04.1")) flag++;

if (flag)
{
  # At least one package check matched: report the finding.
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # Nothing matched: the package is either not affected or not installed.
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liboxideqtcore0");
}
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808296", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-MAC OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808296\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5139\", \"CVE-2016-5140\",\n \"CVE-2016-5145\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5146\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 15:10:25 +0530 (Thu, 04 Aug 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An address bar spoofing vulnerability.\n\n - An use-after-free error in Blink.\n\n - Multiple heap overflow errors in pdfium.\n\n - A same origin bypass error for images in Blink.\n\n - Parameter sanitization failure in DevTools.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to conduct spoofing attacks on a\n targeted system, to bypass security, to corrupt memory, to execute arbitrary\n code and to cause denial of service 
condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 52.0.2743.116 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.116 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.116\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.116\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310807352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807352", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Windows\n#\n# Authors:\n# 
Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807352\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5139\", \"CVE-2016-5140\",\n \"CVE-2016-5145\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5146\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 15:10:25 +0530 (Thu, 04 Aug 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An address bar spoofing vulnerability.\n\n - An 
use-after-free error in Blink.\n\n - Multiple heap overflow errors in pdfium.\n\n - A same origin bypass error for images in Blink.\n\n - Parameter sanitization failure in DevTools.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to conduct spoofing attacks on a\n targeted system, to bypass security, to corrupt memory, to execute arbitrary\n code and to cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 52.0.2743.116 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.116 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.116\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.116\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", 
"modified": "2019-07-17T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310808295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808295", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Linux", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808295\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5139\", \"CVE-2016-5140\",\n \"CVE-2016-5145\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5146\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 15:10:25 +0530 (Thu, 04 Aug 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2016-08)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An address bar spoofing vulnerability.\n\n - An use-after-free error in Blink.\n\n - Multiple heap overflow errors in pdfium.\n\n - A same origin bypass error for images in Blink.\n\n - Parameter sanitization failure in DevTools.\n\n - The various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to conduct spoofing attacks on a\n targeted system, to bypass security, to corrupt memory, to execute arbitrary\n code and to cause denial of service 
condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 52.0.2743.116 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.116 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/08/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.116\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.116\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310851376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851376", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1982-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851376\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 05:37:51 +0200 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\",\n \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\", \"CVE-2016-5146\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1982-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.116 to fix the following security\n issues: (boo#992305)\n\n - CVE-2016-5141: Address bar spoofing (boo#992314)\n\n - CVE-2016-5142: Use-after-free in Blink (boo#992313)\n\n - CVE-2016-5139: Heap overflow in pdfium (boo#992311)\n\n - CVE-2016-5140: 
Heap overflow in pdfium (boo#992310)\n\n - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320)\n\n - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319)\n\n - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315)\n\n - CVE-2016-5146: Various fixes from internal audits, fuzzing and other\n initiatives (boo#992309)\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1982-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.116~114.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.116~114.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.116~114.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.116~114.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.116~114.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5145", "CVE-2016-5139"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-13T00:00:00", "id": "OPENVAS:1361412562310809113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809113", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2016-e9798eaaa3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2016-e9798eaaa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809113\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-13 06:03:15 +0200 (Sat, 13 Aug 2016)\");\n script_cve_id(\"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5145\", \"CVE-2016-5143\", \"CVE-2016-5144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2016-e9798eaaa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-e9798eaaa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.116~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5139"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5139\nGiWan Go discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5140\nKe Liu discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5141\nSergey Glazunov discovered a URL spoofing issue.\n\nCVE-2016-5142\nSergey Glazunov discovered a use-after-free issue.\n\nCVE-2016-5143\nGregory Panakkal discovered an issue in the developer tools.\n\nCVE-2016-5144\nGregory Panakkal discovered another issue in the developer tools.\n\nCVE-2016-5146\nThe chrome development team found and fixed various issues during\ninternal auditing.", "modified": "2019-03-18T00:00:00", "published": "2016-08-09T00:00:00", "id": "OPENVAS:1361412562310703645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703645", "type": "openvas", "title": "Debian Security Advisory DSA 3645-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3645.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3645-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH 
http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703645\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\",\n \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5146\");\n script_name(\"Debian Security Advisory DSA 3645-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-09 00:00:00 +0200 (Tue, 09 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3645.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.116-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.0.2743.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5139\nGiWan Go discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5140\nKe Liu discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5141\nSergey Glazunov discovered a URL spoofing issue.\n\nCVE-2016-5142\nSergey Glazunov discovered a use-after-free issue.\n\nCVE-2016-5143\nGregory Panakkal discovered an issue in the developer tools.\n\nCVE-2016-5144\nGregory Panakkal discovered another issue in the developer tools.\n\nCVE-2016-5146\nThe chrome development team found and fixed various issues during\ninternal auditing.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.116-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.116-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.116-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.116-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res 
= isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.116-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-10-30T10:52:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5139"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5139 \nGiWan Go discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5140 \nKe Liu discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5141 \nSergey Glazunov discovered a URL spoofing issue.\n\nCVE-2016-5142 \nSergey Glazunov discovered a use-after-free issue.\n\nCVE-2016-5143 \nGregory Panakkal discovered an issue in the developer tools.\n\nCVE-2016-5144 \nGregory Panakkal discovered another issue in the developer tools.\n\nCVE-2016-5146 \nThe chrome development team found and fixed various issues during\ninternal auditing.", "modified": "2017-10-26T00:00:00", "published": "2016-08-09T00:00:00", "id": "OPENVAS:703645", "href": "http://plugins.openvas.org/nasl.php?oid=703645", "type": "openvas", "title": "Debian Security Advisory DSA 3645-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3645.nasl 7585 2017-10-26 15:03:01Z cfischer $\n# Auto-generated from advisory DSA 3645-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software 
Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703645);\n script_version(\"$Revision: 7585 $\");\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\",\n \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5146\");\n script_name(\"Debian Security Advisory DSA 3645-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-08-09 00:00:00 +0200 (Tue, 09 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3645.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.116-1~deb8u1.\n\nFor the testing distribution 
(stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.0.2743.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-5139 \nGiWan Go discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5140 \nKe Liu discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5141 \nSergey Glazunov discovered a URL spoofing issue.\n\nCVE-2016-5142 \nSergey Glazunov discovered a use-after-free issue.\n\nCVE-2016-5143 \nGregory Panakkal discovered an issue in the developer tools.\n\nCVE-2016-5144 \nGregory Panakkal discovered another issue in the developer tools.\n\nCVE-2016-5146 \nThe chrome development team found and fixed various issues during\ninternal auditing.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.116-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.116-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.116-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.116-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.116-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "Several vulnerabilities have been\n discovered in the chromium web browser.\n\nCVE-2016-5147\nA cross-site scripting issue was discovered.\n\nCVE-2016-5148\nAnother cross-site scripting issue was discovered.\n\nCVE-2016-5149\nMax Justicz discovered a script injection issue in extension handling.\n\nCVE-2016-5150\nA use-after-free issue was discovered in Blink/Webkit.\n\nCVE-2016-5151\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5152\nGiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5153\nAtte Kettunen discovered a use-after-destruction issue.\n\nCVE-2016-5154\nA heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5155\nAn address bar spoofing issue was discovered.\n\nCVE-2016-5156\njinmo123 discovered a use-after-free issue.\n\nCVE-2016-5157\nA heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5158\nGiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5159\nGiWan Go discovered another heap overflow issue in the pdfium library.\n\nCVE-2016-5160\nl33terally discovered an extensions resource bypass.\n\nCVE-2016-5161\nA type confusion issue was discovered.\n\nCVE-2016-5162\nNicolas Golubovic discovered an extensions resource bypass.\n\nCVE-2016-5163\nRafay Baloch discovered an address bar spoofing issue.\n\nCVE-2016-5164\nA cross-site scripting issue was discovered in the developer tools.\n\nCVE-2016-5165\nGregory Panakkal discovered a script 
injection issue in the developer\ntools.\n\nCVE-2016-5166\nGregory Panakkal discovered an issue with the Save Page As feature.\n\nCVE-2016-5167\nThe chrome development team found and fixed various issues during\ninternal auditing.", "modified": "2019-03-18T00:00:00", "published": "2016-09-05T00:00:00", "id": "OPENVAS:1361412562310703660", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703660", "type": "openvas", "title": "Debian Security Advisory DSA 3660-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3660.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3660-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703660\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-5147\", \"CVE-2016-5148\", \"CVE-2016-5149\", \"CVE-2016-5150\",\n\t\t \"CVE-2016-5151\", \"CVE-2016-5152\", \"CVE-2016-5153\", \"CVE-2016-5154\",\n\t\t \"CVE-2016-5155\", \"CVE-2016-5156\", \"CVE-2016-5157\", \"CVE-2016-5158\",\n\t\t \"CVE-2016-5159\", \"CVE-2016-5160\", \"CVE-2016-5161\", \"CVE-2016-5162\",\n\t\t \"CVE-2016-5163\", \"CVE-2016-5164\", \"CVE-2016-5165\", \"CVE-2016-5166\",\n \t\t \"CVE-2016-5167\");\n script_name(\"Debian Security Advisory DSA 3660-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-05 00:00:00 +0200 (Mon, 05 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3660.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\n these problems have been fixed in version 
53.0.2785.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\n discovered in the chromium web browser.\n\nCVE-2016-5147\nA cross-site scripting issue was discovered.\n\nCVE-2016-5148\nAnother cross-site scripting issue was discovered.\n\nCVE-2016-5149\nMax Justicz discovered a script injection issue in extension handling.\n\nCVE-2016-5150\nA use-after-free issue was discovered in Blink/Webkit.\n\nCVE-2016-5151\nA use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5152\nGiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5153\nAtte Kettunen discovered a use-after-destruction issue.\n\nCVE-2016-5154\nA heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5155\nAn address bar spoofing issue was discovered.\n\nCVE-2016-5156\njinmo123 discovered a use-after-free issue.\n\nCVE-2016-5157\nA heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5158\nGiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5159\nGiWan Go discovered another heap overflow issue in the pdfium library.\n\nCVE-2016-5160\nl33terally discovered an extensions resource bypass.\n\nCVE-2016-5161\nA type confusion issue was discovered.\n\nCVE-2016-5162\nNicolas Golubovic discovered an extensions resource bypass.\n\nCVE-2016-5163\nRafay Baloch discovered an address bar spoofing issue.\n\nCVE-2016-5164\nA cross-site scripting issue was discovered in the developer tools.\n\nCVE-2016-5165\nGregory Panakkal discovered a script injection issue in the developer\ntools.\n\nCVE-2016-5166\nGregory Panakkal discovered an issue with the Save Page As feature.\n\nCVE-2016-5167\nThe chrome development team found and fixed various issues 
during\ninternal auditing.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"53.0.2785.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"53.0.2785.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"53.0.2785.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"53.0.2785.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"53.0.2785.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871995", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2016-eec838a3a0", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2016-eec838a3a0\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871995\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:25 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-5147\", \"CVE-2016-5148\", \"CVE-2016-5149\", \"CVE-2016-5150\", \"CVE-2016-5151\", \"CVE-2016-5152\", \"CVE-2016-5153\", \"CVE-2016-5154\", \"CVE-2016-5155\", \"CVE-2016-5156\", \"CVE-2016-5157\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-5161\", \"CVE-2016-5162\", \"CVE-2016-5163\", \"CVE-2016-5164\", \"CVE-2016-5165\", \"CVE-2016-5166\", \"CVE-2016-5160\", \"CVE-2016-5167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for chromium FEDORA-2016-eec838a3a0\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced 
advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"chromium on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-eec838a3a0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKSQPLVSIIMPUHTNNAFKQYBZM4W7NP7U\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~53.0.2785.101~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:52:57", "bulletinFamily": "info", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145"], "description": "### *Detect date*:\n08/03/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. 
Malicious users can exploit these vulnerabilities to spoof the user interface, cause denial of service, bypass security restrictions or have other unknown impact.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 52.0.2743.116 (All branches)\n\n### *Solution*:\nUpdate to the latest version. A file named old_chrome can still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. Contact the vendor for further deletion instructions or ignore such alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/A9uR_1fkE0s/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5146>)7.5Critical \n[CVE-2016-5145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5145>)6.8High \n[CVE-2016-5144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5144>)7.5Critical \n[CVE-2016-5143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5143>)7.5Critical \n[CVE-2016-5142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5142>)7.5Critical \n[CVE-2016-5141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5141>)5.0Critical \n[CVE-2016-5140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5140>)7.5Critical", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2016-08-03T00:00:00", "id": "KLA10850", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10850", "title": "\r KLA10850Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T11:43:40", "bulletinFamily": "info", 
"cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-7395", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "### *Detect date*:\n08/31/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions or inject arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 53.0.2785.89\n\n### *Solution*:\nUpdate to the latest version. A file named old_chrome can still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. Contact the vendor for further deletion instructions or ignore such alerts at your own risk. 
\n[Get Google Chrome](<https://www.google.ru/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Blog](<http://googlechromereleases.blogspot.ru/2016/08/stable-channel-update-for-desktop_31.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-7395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7395>)6.8High \n[CVE-2016-5167](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5167>)7.5Critical \n[CVE-2016-5166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5166>)2.6Warning \n[CVE-2016-5165](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5165>)4.3Warning \n[CVE-2016-5164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5164>)4.3Warning \n[CVE-2016-5163](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5163>)4.3Warning \n[CVE-2016-5162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5162>)4.3Warning \n[CVE-2016-5161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5161>)6.8High \n[CVE-2016-5160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5160>)4.3Warning \n[CVE-2016-5159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5159>)6.8High \n[CVE-2016-5158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158>)6.8High \n[CVE-2016-5157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5157>)6.8High \n[CVE-2016-5156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5156>)6.8High \n[CVE-2016-5155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5155>)4.3Warning \n[CVE-2016-5154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5154>)6.8High \n[CVE-2016-5153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5153>)6.8High 
\n[CVE-2016-5152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5152>)6.8High \n[CVE-2016-5151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5151>)6.8High \n[CVE-2016-5150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5150>)6.8High \n[CVE-2016-5149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5149>)6.8High \n[CVE-2016-5148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5148>)4.3Warning \n[CVE-2016-5147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5147>)4.3Warning", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2016-08-31T00:00:00", "id": "KLA10865", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10865", "title": "\r KLA10865\u007fMultiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:07:39", "description": "Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-08-07T19:59:00", "title": "CVE-2016-5141", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": 
"PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5141"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.82"], "id": "CVE-2016-5141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5141", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.82:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-07T19:59:00", "title": "CVE-2016-5142", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5142"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.82"], "id": "CVE-2016-5142", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5142", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.82:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-11T10:59:00", "title": "CVE-2016-5167", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5167"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.116", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-5167", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5167", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.116:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-07T19:59:00", "title": "CVE-2016-5143", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5143"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.82"], "id": "CVE-2016-5143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5143", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.82:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Cross-site scripting (XSS) 
vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-11T10:59:00", "title": "CVE-2016-5164", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5164"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.116", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-5164", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5164", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.116:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote 
attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-11T10:59:00", "title": "CVE-2016-5147", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5147"], "modified": "2017-08-13T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.116"], "id": "CVE-2016-5147", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5147", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.116:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": 
"NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-09-11T10:59:00", "title": "CVE-2016-5148", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5148"], "modified": "2017-08-13T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.116"], "id": "CVE-2016-5148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5148", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.116:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 
5.9}, "published": "2016-09-11T10:59:00", "title": "CVE-2016-5153", "type": "cve", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5153"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.116", "cpe:/o:opensuse:leap:42.1"], "id": "CVE-2016-5153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5153", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.116:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-07T19:59:00", "title": "CVE-2016-5145", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5145"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.82"], "id": "CVE-2016-5145", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5145", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.82:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-07T19:59:00", "title": "CVE-2016-5144", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", 
"baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5144"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:google:chrome:52.0.2743.82"], "id": "CVE-2016-5144", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:52.0.2743.82:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T03:30:25", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 52.0.2743.116. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An overflow condition exists in PDFium due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5139)\n\n - An overflow condition exists in OpenJPEG due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5140)\n\n - A flaw exists that is triggered when nested message\n loops access documents without generating a\n notification. An attacker can exploit this to spoof the\n address bar. (CVE-2016-5141)\n\n - A use-after-free error exists that allows an attacker to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5142)\n\n - A flaw exists in the sanitizeRemoteFrontendUrl()\n function in devtools.js due to a failure to properly\n sanitize input parameters. An attacker can exploit this\n to have an unspecified impact. 
(CVE-2016-5143)\n\n - A flaw exists in the loadScriptsPromise() function in\n Runtime.js due to a failure to properly sanitize input\n parameters. An attacker can exploit this to have an\n unspecified impact. (CVE-2016-5144)\n\n - A flaw exists due to improper handling of specially\n crafted images. An attacker can exploit this to bypass\n the same-origin policy. (CVE-2016-5145)\n\n - Multiple unspecified high and medium severity\n vulnerabilities exist, including an overflow condition\n in WebRTC due to improper validation user-supplied input\n when handling RTP packets. An attacker can exploit this\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5146)\n\nNote that Nessus has not tested for these issues but has instead \nrelied only on the application's self-reported version number.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-08T00:00:00", "title": "Google Chrome < 52.0.2743.116 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_52_0_2743_116.NASL", "href": "https://www.tenable.com/plugins/nessus/92792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92792);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5139\",\n \"CVE-2016-5140\",\n \"CVE-2016-5141\",\n \"CVE-2016-5142\",\n \"CVE-2016-5143\",\n \"CVE-2016-5144\",\n \"CVE-2016-5145\",\n \"CVE-2016-5146\"\n );\n script_bugtraq_id(92276);\n\n script_name(english:\"Google Chrome < 52.0.2743.116 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 52.0.2743.116. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An overflow condition exists in PDFium due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5139)\n\n - An overflow condition exists in OpenJPEG due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5140)\n\n - A flaw exists that is triggered when nested message\n loops access documents without generating a\n notification. An attacker can exploit this to spoof the\n address bar. (CVE-2016-5141)\n\n - A use-after-free error exists that allows an attacker to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5142)\n\n - A flaw exists in the sanitizeRemoteFrontendUrl()\n function in devtools.js due to a failure to properly\n sanitize input parameters. An attacker can exploit this\n to have an unspecified impact. (CVE-2016-5143)\n\n - A flaw exists in the loadScriptsPromise() function in\n Runtime.js due to a failure to properly sanitize input\n parameters. An attacker can exploit this to have an\n unspecified impact. (CVE-2016-5144)\n\n - A flaw exists due to improper handling of specially\n crafted images. An attacker can exploit this to bypass\n the same-origin policy. 
(CVE-2016-5145)\n\n - Multiple unspecified high and medium severity\n vulnerabilities exist, including an overflow condition\n in WebRTC due to improper validation user-supplied input\n when handling RTP packets. An attacker can exploit this\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5146)\n\nNote that Nessus has not tested for these issues but has instead \nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81b23127\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'52.0.2743.116', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:05:49", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 52.0.2743.116. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An overflow condition exists in PDFium due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5139)\n\n - An overflow condition exists in OpenJPEG due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5140)\n\n - A flaw exists that is triggered when nested message\n loops access documents without generating a\n notification. An attacker can exploit this to spoof the\n address bar. (CVE-2016-5141)\n\n - A use-after-free error exists that allows an attacker to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5142)\n\n - A flaw exists in the sanitizeRemoteFrontendUrl()\n function in devtools.js due to a failure to properly\n sanitize input parameters. An attacker can exploit this\n to have an unspecified impact. (CVE-2016-5143)\n\n - A flaw exists in the loadScriptsPromise() function in\n Runtime.js due to a failure to properly sanitize input\n parameters. An attacker can exploit this to have an\n unspecified impact. 
(CVE-2016-5144)\n\n - A flaw exists due to improper handling of specially\n crafted images. An attacker can exploit this to bypass\n the same-origin policy. (CVE-2016-5145)\n\n - Multiple unspecified high and medium severity\n vulnerabilities exist, including an overflow condition\n in WebRTC due to improper validation user-supplied input\n when handling RTP packets. An attacker can exploit this\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5146)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-08T00:00:00", "title": "Google Chrome < 52.0.2743.116 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_52_0_2743_116.NASL", "href": "https://www.tenable.com/plugins/nessus/92791", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92791);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5139\",\n \"CVE-2016-5140\",\n \"CVE-2016-5141\",\n \"CVE-2016-5142\",\n \"CVE-2016-5143\",\n \"CVE-2016-5144\",\n \"CVE-2016-5145\",\n \"CVE-2016-5146\"\n );\n script_bugtraq_id(92276);\n\n script_name(english:\"Google Chrome < 52.0.2743.116 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome 
installed on the remote Windows host is\nprior to 52.0.2743.116. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An overflow condition exists in PDFium due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5139)\n\n - An overflow condition exists in OpenJPEG due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service \n condition or the execution of arbitrary code.\n (CVE-2016-5140)\n\n - A flaw exists that is triggered when nested message\n loops access documents without generating a\n notification. An attacker can exploit this to spoof the\n address bar. (CVE-2016-5141)\n\n - A use-after-free error exists that allows an attacker to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2016-5142)\n\n - A flaw exists in the sanitizeRemoteFrontendUrl()\n function in devtools.js due to a failure to properly\n sanitize input parameters. An attacker can exploit this\n to have an unspecified impact. (CVE-2016-5143)\n\n - A flaw exists in the loadScriptsPromise() function in\n Runtime.js due to a failure to properly sanitize input\n parameters. An attacker can exploit this to have an\n unspecified impact. (CVE-2016-5144)\n\n - A flaw exists due to improper handling of specially\n crafted images. An attacker can exploit this to bypass\n the same-origin policy. (CVE-2016-5145)\n\n - Multiple unspecified high and medium severity\n vulnerabilities exist, including an overflow condition\n in WebRTC due to improper validation user-supplied input\n when handling RTP packets. An attacker can exploit this\n to cause a denial of service condition or the execution\n of arbitrary code. 
(CVE-2016-5146)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81b23127\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5146\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'52.0.2743.116', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:55:44", "description": "Google Chrome Releases reports :\n\n10 security fixes in this release, including :\n\n- [629542] High CVE-2016-5141 Address bar spoofing. Credit to\nanonymous\n\n- [626948] High CVE-2016-5142 Use-after-free in Blink. Credit to\nanonymous\n\n- [625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan\nGo of Stealien\n\n- [619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke\nLiu of Tencent's Xuanwu LAB\n\n- [623406] Medium CVE-2016-5145 Same origin bypass for images in\nBlink. Credit to anonymous\n\n- [619414] Medium CVE-2016-5143 Parameter sanitization failure in\nDevTools. Credit to Gregory Panakkal\n\n- [618333] Medium CVE-2016-5144 Parameter sanitization failure in\nDevTools. 
Credit to Gregory Panakkal\n\n- [633486] CVE-2016-5146: Various fixes from internal audits, fuzzing\nand other initiatives.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-15T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (958b9cee-79da-11e6-bf75-3065ec8fd3ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2016-09-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium-npapi", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_958B9CEE79DA11E6BF753065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/93497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93497);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\", \"CVE-2016-5146\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (958b9cee-79da-11e6-bf75-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n10 security fixes in this release, including 
:\n\n- [629542] High CVE-2016-5141 Address bar spoofing. Credit to\nanonymous\n\n- [626948] High CVE-2016-5142 Use-after-free in Blink. Credit to\nanonymous\n\n- [625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan\nGo of Stealien\n\n- [619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to Ke\nLiu of Tencent's Xuanwu LAB\n\n- [623406] Medium CVE-2016-5145 Same origin bypass for images in\nBlink. Credit to anonymous\n\n- [619414] Medium CVE-2016-5143 Parameter sanitization failure in\nDevTools. Credit to Gregory Panakkal\n\n- [618333] Medium CVE-2016-5144 Parameter sanitization failure in\nDevTools. Credit to Gregory Panakkal\n\n- [633486] CVE-2016-5146: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a6d822c\"\n );\n # https://vuxml.freebsd.org/freebsd/958b9cee-79da-11e6-bf75-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be76e227\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<52.0.2743.116\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<52.0.2743.116\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<52.0.2743.116\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:09:37", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.116.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. 
A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-5139, CVE-2016-5140,\nCVE-2016-5141, CVE-2016-5142, CVE-2016-5146, CVE-2016-5143,\nCVE-2016-5144, CVE-2016-5145)", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-09T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:1580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2016-08-09T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1580.NASL", "href": "https://www.tenable.com/plugins/nessus/92814", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1580. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92814);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\", \"CVE-2016-5146\");\n script_xref(name:\"RHSA\", value:\"2016:1580\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:1580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.116.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. 
(CVE-2016-5139, CVE-2016-5140,\nCVE-2016-5141, CVE-2016-5142, CVE-2016-5146, CVE-2016-5143,\nCVE-2016-5144, CVE-2016-5145)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5146\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-52.0.2743.116-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-52.0.2743.116-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-52.0.2743.116-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-52.0.2743.116-1.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:57", "description": "Chromium was updated to 52.0.2743.116 to fix the following security\nissues: (boo#992305)\n\n - 
CVE-2016-5141: Address bar spoofing (boo#992314)\n\n - CVE-2016-5142: Use-after-free in Blink (boo#992313)\n\n - CVE-2016-5139: Heap overflow in pdfium (boo#992311)\n\n - CVE-2016-5140: Heap overflow in pdfium (boo#992310)\n\n - CVE-2016-5145: Same origin bypass for images in Blink\n (boo#992320)\n\n - CVE-2016-5143: Parameter sanitization failure in\n DevTools (boo#992319)\n\n - CVE-2016-5144: Parameter sanitization failure in\n DevTools (boo#992315)\n\n - CVE-2016-5146: Various fixes from internal audits,\n fuzzing and other initiatives (boo#992309)", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-08T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-950)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2016-08-08T00:00:00", "cpe": ["cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-950.NASL", "href": "https://www.tenable.com/plugins/nessus/92778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-950.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92778);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", 
\"CVE-2016-5145\", \"CVE-2016-5146\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-950)\");\n script_summary(english:\"Check for the openSUSE-2016-950 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.116 to fix the following security\nissues: (boo#992305)\n\n - CVE-2016-5141: Address bar spoofing (boo#992314)\n\n - CVE-2016-5142: Use-after-free in Blink (boo#992313)\n\n - CVE-2016-5139: Heap overflow in pdfium (boo#992311)\n\n - CVE-2016-5140: Heap overflow in pdfium (boo#992310)\n\n - CVE-2016-5145: Same origin bypass for images in Blink\n (boo#992320)\n\n - CVE-2016-5143: Parameter sanitization failure in\n DevTools (boo#992319)\n\n - CVE-2016-5144: Parameter sanitization failure in\n DevTools (boo#992315)\n\n - CVE-2016-5146: Various fixes from internal audits,\n fuzzing and other initiatives (boo#992309)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992320\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ 
\"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-52.0.2743.116-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-52.0.2743.116-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-52.0.2743.116-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-52.0.2743.116-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-52.0.2743.116-114.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromedriver-52.0.2743.116-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-52.0.2743.116-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-desktop-gnome-52.0.2743.116-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-desktop-kde-52.0.2743.116-64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-52.0.2743.116-64.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromium / chromium-desktop-gnome / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:58", "description": "On 2016-08-04 Google 
released Chrome 52.0.2743.116 which fixes at\nleast 8 security issues: CVE-2016-5141, CVE-2016-5142, CVE-2016-5139,\nCVE-2016-5140, CVE-2016-5145, CVE-2016-5143 and CVE-2016-5144. \n\nAdditionally, this update :\n\n - Splits libmedia and libffmpeg into the libs-media\n subpackage, so that it can be replaced by non-Fedora\n repos to provide additional codecs.\n\n - Enables gtk3 support\n\n - Adds additional ICU Text codec aliases (from openSUSE\n via Russian Fedora)\n\n - Uses PIE in the Linux sandbox (from openSUSE via Russian\n Fedora)\n\n - Enables ARM CPU detection for webrtc (from archlinux via\n Russian Fedora)\n\n - Does not force -m32 in icu compile on ARM (from\n archlinux via Russian Fedora)\n\n - Enables fpic on linux\n\n - Enables hidpi\n\n - Enables touch_ui\n\n - Adds chromedriver subpackage (from Russian Fedora)\n\n - Sets default master_preferences location to\n /etc/chromium (and includes master_preferences file)\n\n - Creates PepperFlash directory where plugin needs to live\n if user has it\n\n - Improves translations in chromium-browser.desktop (from\n Russian Fedora)\n\n - Improves translation in Appinfo xml file (thanks to\n Richard Hughes)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-15T00:00:00", "title": "Fedora 24 : chromium (2016-e9798eaaa3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5145", "CVE-2016-5139"], "modified": "2016-08-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-E9798EAAA3.NASL", "href": 
"https://www.tenable.com/plugins/nessus/92962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-e9798eaaa3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92962);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\");\n script_xref(name:\"FEDORA\", value:\"2016-e9798eaaa3\");\n\n script_name(english:\"Fedora 24 : chromium (2016-e9798eaaa3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"On 2016-08-04 Google released Chrome 52.0.2743.116 which fixes at\nleast 8 security issues: CVE-2016-5141, CVE-2016-5142, CVE-2016-5139,\nCVE-2016-5140, CVE-2016-5145, CVE-2016-5143 and CVE-2016-5144. 
\n\nAdditionally, this update :\n\n - Splits libmedia and libffmpeg into the libs-media\n subpackage, so that it can be replaced by non-Fedora\n repos to provide additional codecs.\n\n - Enables gtk3 support\n\n - Adds additional ICU Text codec aliases (from openSUSE\n via Russian Fedora)\n\n - Uses PIE in the Linux sandbox (from openSUSE via Russian\n Fedora)\n\n - Enables ARM CPU detection for webrtc (from archlinux via\n Russian Fedora)\n\n - Does not force -m32 in icu compile on ARM (from\n archlinux via Russian Fedora)\n\n - Enables fpic on linux\n\n - Enables hidpi\n\n - Enables touch_ui\n\n - Adds chromedriver subpackage (from Russian Fedora)\n\n - Sets default master_preferences location to\n /etc/chromium (and includes master_preferences file)\n\n - Creates PepperFlash directory where plugin needs to live\n if user has it\n\n - Improves translations in chromium-browser.desktop (from\n Russian Fedora)\n\n - Improves translation in Appinfo xml file (thanks to\n Richard Hughes)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9798eaaa3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"chromium-52.0.2743.116-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:49:46", "description": "Several vulnerabilites have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-5139\n GiWan Go discovered a use-after-free issue in the pdfium\n library.\n\n - CVE-2016-5140\n Ke Liu discovered a use-after-free issue in the pdfium\n library.\n\n - CVE-2016-5141\n Sergey Glazunov discovered a URL spoofing issue.\n\n - CVE-2016-5142\n Sergey Glazunov discovered a use-after-free issue.\n\n - CVE-2016-5143\n Gregory Panakkal discovered an issue in the developer\n tools.\n\n - CVE-2016-5144\n Gregory Panakkal discovered another issue in the\n developer tools.\n\n - CVE-2016-5146\n The chrome development team found and fixed various\n issues during internal auditing.", "edition": 22, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-08-15T00:00:00", "title": "Debian DSA-3645-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5139"], "modified": "2016-08-15T00:00:00", "cpe": 
["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:chromium-browser"], "id": "DEBIAN_DSA-3645.NASL", "href": "https://www.tenable.com/plugins/nessus/92956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3645. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92956);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\");\n script_xref(name:\"DSA\", value:\"3645\");\n\n script_name(english:\"Debian DSA-3645-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilites have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-5139\n GiWan Go discovered a use-after-free issue in the pdfium\n library.\n\n - CVE-2016-5140\n Ke Liu discovered a use-after-free issue in the pdfium\n library.\n\n - CVE-2016-5141\n Sergey Glazunov discovered a URL spoofing issue.\n\n - CVE-2016-5142\n Sergey Glazunov discovered a use-after-free issue.\n\n - CVE-2016-5143\n Gregory Panakkal discovered an issue in the developer\n tools.\n\n - CVE-2016-5144\n Gregory Panakkal discovered another issue in the\n developer tools.\n\n - CVE-2016-5146\n The chrome development team found and fixed various\n issues during internal auditing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2016-5139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3645\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 52.0.2743.116-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"52.0.2743.116-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"52.0.2743.116-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"52.0.2743.116-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"52.0.2743.116-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"52.0.2743.116-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:09:39", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-5147, CVE-2016-5148,\nCVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152,\nCVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156,\nCVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167,\nCVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164,\nCVE-2016-5165, CVE-2016-5166, CVE-2016-5160)", "edition": 21, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:1854)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "modified": "2016-09-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/93452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1854. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93452);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-5147\", \"CVE-2016-5148\", \"CVE-2016-5149\", \"CVE-2016-5150\", \"CVE-2016-5151\", \"CVE-2016-5152\", \"CVE-2016-5153\", \"CVE-2016-5154\", \"CVE-2016-5155\", \"CVE-2016-5156\", \"CVE-2016-5157\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-5160\", \"CVE-2016-5161\", \"CVE-2016-5162\", \"CVE-2016-5163\", \"CVE-2016-5164\", \"CVE-2016-5165\", \"CVE-2016-5166\", \"CVE-2016-5167\");\n script_xref(name:\"RHSA\", value:\"2016:1854\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:1854)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. 
(CVE-2016-5147, CVE-2016-5148,\nCVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152,\nCVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156,\nCVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167,\nCVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164,\nCVE-2016-5165, CVE-2016-5166, CVE-2016-5160)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5159\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5167\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1854\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-53.0.2785.89-3.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-53.0.2785.89-3.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-53.0.2785.89-3.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-53.0.2785.89-3.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:05:50", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 53.0.2785.89. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Script injection in extensions. Credit to Max Justicz\n (http\n\n - Use after free in Blink. Credit to anonymous\n\n - Use after free in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Use after destruction in Blink. Credit to Atte Kettunen\n of OUSPG\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Address bar spoofing. Credit to anonymous\n\n - Use after free in event bindings. Credit to jinmo123\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Type confusion in Blink. Credit to\n 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend\n Micro's Zero Day Initiative\n\n - Extensions web accessible resources bypass. Credit to\n Nicolas Golubovic\n\n - Address bar spoofing. Credit to Rafay Baloch PTCL\n Etisalat (http\n\n - Universal XSS using DevTools. Credit to anonymous\n\n - Script injection in DevTools. Credit to Gregory\n Panakkal\n\n - SMB Relay Attack via Save Page As. Credit to Gregory\n Panakkal\n\n - Extensions web accessible resources bypass. Credit to\n @l33terally, FogMarks.com (@FogMarks)\n\n - Various fixes from internal audits, fuzzing and other\n initiatives.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the applications self-reported version number.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Chrome security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "Google Chrome < 53.0.2785.89 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_53_0_2785_89.NASL", "href": "https://www.tenable.com/plugins/nessus/93315", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93315);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5147\",\n \"CVE-2016-5148\",\n \"CVE-2016-5149\",\n \"CVE-2016-5150\",\n \"CVE-2016-5151\",\n \"CVE-2016-5152\",\n \"CVE-2016-5153\",\n \"CVE-2016-5154\",\n \"CVE-2016-5155\",\n \"CVE-2016-5156\",\n \"CVE-2016-5157\",\n \"CVE-2016-5158\",\n \"CVE-2016-5159\",\n \"CVE-2016-5160\",\n \"CVE-2016-5161\",\n \"CVE-2016-5162\",\n \"CVE-2016-5163\",\n \"CVE-2016-5164\",\n \"CVE-2016-5165\",\n \"CVE-2016-5166\",\n \"CVE-2016-5167\"\n );\n\n script_name(english:\"Google Chrome < 53.0.2785.89 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior 
to 53.0.2785.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Script injection in extensions. Credit to Max Justicz\n (http\n\n - Use after free in Blink. Credit to anonymous\n\n - Use after free in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Use after destruction in Blink. Credit to Atte Kettunen\n of OUSPG\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Address bar spoofing. Credit to anonymous\n\n - Use after free in event bindings. Credit to jinmo123\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Type confusion in Blink. Credit to\n 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend\n Micro's Zero Day Initiative\n\n - Extensions web accessible resources bypass. Credit to\n Nicolas Golubovic\n\n - Address bar spoofing. Credit to Rafay Baloch PTCL\n Etisalat (http\n\n - Universal XSS using DevTools. Credit to anonymous\n\n - Script injection in DevTools. Credit to Gregory\n Panakkal\n\n - SMB Relay Attack via Save Page As. Credit to Gregory\n Panakkal\n\n - Extensions web accessible resources bypass. Credit to\n @l33terally, FogMarks.com (@FogMarks)\n\n - Various fixes from internal audits, fuzzing and other\n initiatives.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the applications self-reported version number.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Chrome security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6e7512a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version to 53.0.2785.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'53.0.2785.89', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:30:27", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 53.0.2785.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Script injection in extensions. Credit to Max Justicz\n (http\n\n - Use after free in Blink. Credit to anonymous\n\n - Use after free in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Use after destruction in Blink. Credit to Atte Kettunen\n of OUSPG\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Address bar spoofing. Credit to anonymous\n\n - Use after free in event bindings. Credit to jinmo123\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Type confusion in Blink. Credit to\n 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend\n Micro's Zero Day Initiative\n\n - Extensions web accessible resources bypass. Credit to\n Nicolas Golubovic\n\n - Address bar spoofing. Credit to Rafay Baloch PTCL\n Etisalat (http\n\n - Universal XSS using DevTools. Credit to anonymous\n\n - Script injection in DevTools. Credit to Gregory\n Panakkal\n\n - SMB Relay Attack via Save Page As. Credit to Gregory\n Panakkal\n\n - Extensions web accessible resources bypass. 
Credit to\n @l33terally, FogMarks.com (@FogMarks)\n\n - Various fixes from internal audits, fuzzing and other\n initiatives.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the applications self-reported version number.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Chrome security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "title": "Google Chrome < 53.0.2785.89 Multiple Vulnerabilities (Mac OS X", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_53_0_2785_89.NASL", "href": "https://www.tenable.com/plugins/nessus/93316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93316);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-5147\",\n \"CVE-2016-5148\",\n \"CVE-2016-5149\",\n \"CVE-2016-5150\",\n \"CVE-2016-5151\",\n \"CVE-2016-5152\",\n \"CVE-2016-5153\",\n \"CVE-2016-5154\",\n \"CVE-2016-5155\",\n \"CVE-2016-5156\",\n \"CVE-2016-5157\",\n \"CVE-2016-5158\",\n \"CVE-2016-5159\",\n \"CVE-2016-5160\",\n \"CVE-2016-5161\",\n \"CVE-2016-5162\",\n \"CVE-2016-5163\",\n \"CVE-2016-5164\",\n \"CVE-2016-5165\",\n \"CVE-2016-5166\",\n \"CVE-2016-5167\"\n );\n\n script_name(english:\"Google Chrome < 
53.0.2785.89 Multiple Vulnerabilities (Mac OS X\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 53.0.2785.89. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Universal XSS in Blink. Credit to anonymous\n\n - Script injection in extensions. Credit to Max Justicz\n (http\n\n - Use after free in Blink. Credit to anonymous\n\n - Use after free in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Use after destruction in Blink. Credit to Atte Kettunen\n of OUSPG\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Address bar spoofing. Credit to anonymous\n\n - Use after free in event bindings. Credit to jinmo123\n\n - Heap overflow in PDFium. Credit to anonymous\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Heap overflow in PDFium. Credit to GiWan Go of Stealien\n\n - Type confusion in Blink. Credit to\n 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend\n Micro's Zero Day Initiative\n\n - Extensions web accessible resources bypass. Credit to\n Nicolas Golubovic\n\n - Address bar spoofing. Credit to Rafay Baloch PTCL\n Etisalat (http\n\n - Universal XSS using DevTools. Credit to anonymous\n\n - Script injection in DevTools. Credit to Gregory\n Panakkal\n\n - SMB Relay Attack via Save Page As. Credit to Gregory\n Panakkal\n\n - Extensions web accessible resources bypass. 
Credit to\n @l33terally, FogMarks.com (@FogMarks)\n\n - Various fixes from internal audits, fuzzing and other\n initiatives.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the applications self-reported version number.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Chrome security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f6e7512a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version to 53.0.2785.89 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'53.0.2785.89', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5139", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5142", "CVE-2016-5143", "CVE-2016-5144", "CVE-2016-5145", "CVE-2016-5146"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.116.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. 
(CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5146, CVE-2016-5143, CVE-2016-5144, CVE-2016-5145)", "modified": "2018-06-07T09:04:07", "published": "2016-08-09T08:49:21", "id": "RHSA-2016:1580", "href": "https://access.redhat.com/errata/RHSA-2016:1580", "type": "redhat", "title": "(RHSA-2016:1580) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166", "CVE-2016-5167"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 53.0.2785.89.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. 
(CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5167, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5160)", "modified": "2018-06-07T09:04:28", "published": "2016-09-12T23:28:55", "id": "RHSA-2016:1854", "href": "https://access.redhat.com/errata/RHSA-2016:1854", "type": "redhat", "title": "(RHSA-2016:1854) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "- CVE-2016-5139 (arbitrary code execution)\n\nMultiple integer overflows in the opj_tcd_init_tile function in tcd.c in\nOpenJPEG, as used in PDFium, allow remote attackers to cause a denial of\nservice (heap-based buffer overflow) or possibly have other unspecified\nimpact via crafted JPEG 2000 data.\n\n- CVE-2016-5140 (arbitrary code execution)\n\nHeap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in\nj2k.c in OpenJPEG, as used in PDFium, allows remote attackers to cause a\ndenial of service or possibly have other unspecified impact via crafted\nJPEG 2000 data.\n\n- CVE-2016-5141 (address bar spoofing)\n\nBlink allows remote attackers to spoof the address bar via vectors\ninvolving a provisional URL for an initially empty document, related to\nFrameLoader.cpp and ScopedPageLoadDeferrer.cpp.\n\n- CVE-2016-5142 (arbitrary code execution)\n\nThe Web Cryptography API (aka WebCrypto) implementation in Blink does\nnot properly copy data buffers, which allows remote attackers to cause a\ndenial of service (use-after-free) or possibly have other unspecified\nimpact via crafted JavaScript code, related to 
NormalizeAlgorithm.cpp\nand SubtleCrypto.cpp.\n\n- CVE-2016-5143, CVE-2016-5144 (access restriction bypass)\n\nThe Developer Tools (aka DevTools) subsystem in Blink mishandles the\nscript-path hostname, remoteBase parameter, and remoteFrontendUrl\nparameter, which allows remote attackers to bypass intended access\nrestrictions via a crafted URL.\n\n- CVE-2016-5145 (same-origin policy bypass)\n\nBlink does not ensure that a taint property is preserved after a\nstructure-clone operation on an ImageBitmap object derived from a\ncross-origin image, which allows remote attackers to bypass the Same\nOrigin Policy via crafted JavaScript code.\n\n- CVE-2016-5146 (arbitrary code execution)\n\nMultiple unspecified vulnerabilities allow attackers to cause a denial\nof service or possibly have other unspecified impact via unknown vectors.", "modified": "2016-08-17T00:00:00", "published": "2016-08-17T00:00:00", "id": "ASA-201608-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html", "type": "archlinux", "title": "chromium: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T13:01:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "- CVE-2016-5147 CVE-2016-5148 (cross-site scripting)\n\nUniversal XSS in Blink.\n\n- CVE-2016-5149 (script injection)\n\nScript injection in extensions.\n\n- CVE-2016-5150 (arbitrary code execution)\n\nUse after free in Blink.\n\n- CVE-2016-5151 (arbitrary code execution)\n\nUse after free in PDFium.\n\n- CVE-2016-5152 CVE-2016-5154 CVE-2016-5157 CVE-2016-5158 
CVE-2016-5159\n (arbitrary code execution)\n\nHeap overflow in PDFium.\n\n- CVE-2016-5153 (arbitrary code execution)\n\nUse after destruction in Blink.\n\n- CVE-2016-5155 CVE-2016-5163 (address bar spoofing)\n\nAddress bar spoofing.\n\n- CVE-2016-5156 (arbitrary code execution)\n\nUse after free in event bindings.\n\n- CVE-2016-5160 CVE-2016-5162 (access restriction bypass)\n\nExtensions web accessible resources bypass.\n\n- CVE-2016-5161 (arbitrary code execution)\n\nType confusion in Blink.\n\n- CVE-2016-5164 (address bar spoofing)\n\nUniversal XSS using DevTools.\n\n- CVE-2016-5165 (script injection)\n\nScript injection in DevTools.\n\n- CVE-2016-5166 (smb relay attack)\n\nSMB Relay Attack via Save Page As.\n\n- CVE-2016-5167 (arbitrary code execution)\n\nVarious fixes from internal audits, fuzzing and other initiatives.", "modified": "2016-09-01T00:00:00", "published": "2016-09-01T00:00:00", "id": "ASA-201609-1", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html", "type": "archlinux", "title": "chromium: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198"], "description": "Arch Linux Security Advisory ASA-201612-18\n==========================================\n\nSeverity: Critical\nDate : 2016-12-17\nCVE-ID : CVE-2016-5133 CVE-2016-5147 CVE-2016-5153 CVE-2016-5155\nCVE-2016-5161 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171\nCVE-2016-5172 CVE-2016-5181 CVE-2016-5185 CVE-2016-5186\nCVE-2016-5187 CVE-2016-5188 CVE-2016-5192 CVE-2016-5198\nPackage : qt5-webengine\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package 
qt5-webengine before version 5.7.1-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\ncross-site scripting, information disclosure and same-origin policy\nbypass.\n\nResolution\n==========\n\nUpgrade to 5.7.1-1.\n\n# pacman -Syu \"qt5-webengine>=5.7.1-1\"\n\nThe problems have been fixed upstream in version 5.7.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5133 (content spoofing)\n\nGoogle Chrome before 52.0.2743.82 mishandles origin information during\nproxy authentication, which allows man-in-the-middle attackers to spoof\na proxy-authentication login prompt or trigger incorrect credential\nstorage by modifying the client-server data stream.\n\n- CVE-2016-5147 (cross-site scripting)\n\nBlink, as used in Google Chrome, mishandles deferred page loads, which\nallows remote attackers to inject arbitrary web script or HTML via a\ncrafted web site, aka \"Universal XSS (UXSS).\"\n\n- CVE-2016-5153 (arbitrary code execution)\n\nThe Web Animations implementation in Blink improperly relies on list\niteration, which allows remote attackers to cause a denial of service\n(use-after-destruction) or possibly have unspecified other impact via a\ncrafted web site.\n\n- CVE-2016-5155 (content spoofing)\n\nChromium does not properly validate access to the initial document,\nwhich allows remote attackers to spoof the address bar via a crafted\nweb site.\n\n- CVE-2016-5161 (information disclosure)\n\nThe EditingStyle::mergeStyle function in\nWebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom\nproperties, which allows remote attackers to cause a denial of service\nor possibly have unspecified other impact via a crafted web site that\nleverages \"type confusion\" in the StylePropertySerializer class.\n\n- CVE-2016-5166 (information disclosure)\n\nThe download implementation in Chromium does not properly restrict\nsaving a file:// URL that is referenced by an http:// URL, which makes\nit easier 
for user-assisted remote attackers to discover NetNTLM hashes\nand conduct SMB relay attacks via a crafted web page that is accessed\nwith the \"Save page as\" menu choice.\n\n- CVE-2016-5170 (arbitrary code execution)\n\nWebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does\nnot properly consider getter side effects during array key conversion,\nwhich allows remote attackers to cause a denial of service (use-after-\nfree) or possibly have unspecified other impact via crafted Indexed\nDatabase (aka IndexedDB) API calls.\n\n- CVE-2016-5171 (arbitrary code execution)\n\nWebKit/Source/bindings/templates/interface.cpp in Blink does not\nprevent certain constructor calls, which allows remote attackers to\ncause a denial of service (use-after-free) or possibly have unspecified\nother impact via crafted JavaScript code.\n\n- CVE-2016-5172 (information disclosure)\n\nThe parser in Google V8 mishandles scopes, which allows remote\nattackers to obtain sensitive information from arbitrary memory\nlocations via crafted JavaScript code.\n\n- CVE-2016-5181 (cross-site scripting)\n\nA universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5185 (arbitrary code execution)\n\nA use after free flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5186 (information disclosure)\n\nAn out of bounds read flaw was found in the DevTools component of the\nChromium browser.\n\n- CVE-2016-5187 (content spoofing)\n\nA URL spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5188 (content spoofing)\n\nA UI spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5192 (same-origin policy bypass)\n\nA cross-origin bypass flaw was found in the Blink component of the\nChromium browser.\n\n- CVE-2016-5198 (arbitrary code execution)\n\nAn out of bounds memory access flaw was found in the V8 component of\nthe Chromium browser.\n\nImpact\n======\n\nA remote attacker can access sensitive information, spoof 
content,\nbypass security measures or execute arbitrary code on the affected\nhost.\n\nReferences\n==========\n\nhttps://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.7.1?h=5.7\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=613626\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=628942\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=631052\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=630662\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1372216\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=622420\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=616429\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=641101\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=643357\nhttps://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_13.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=616386\nhttps://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html\nhttps://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=659475\nhttps://access.redhat.com/security/cve/CVE-2016-5133\nhttps://access.redhat.com/security/cve/CVE-2016-5147\nhttps://access.redhat.com/security/cve/CVE-2016-5153\nhttps://access.redhat.com/security/cve/CVE-2016-5155\nhttps://access.redhat.com/security/cve/CVE-2016-5161\nhttps://access.redhat.com/security/cve/CVE-2016-5166\nhttps://access.redhat.com/security/cve/CVE-2016-5170\nhttps://access.redhat.com/security/cve/CVE-2016-5171\nhttps://access.redhat.com/security/cve/CVE-2016-5172\nhttps://access.redhat.com/security/cve/CVE-2016-5181\nhttps://access.redhat.com/security/cve/CVE-2016-5185\nhttps://access.redhat.com/security/cve/CVE-2016-5186\nhttps://access.redhat.com/security/cve/CVE-2016-5187\nhttps://access.redhat.com/security/cve/CVE-2016-5188\nhttps://access.redhat.com/security/cve/CVE-2016-5192\nhttps://access.redhat.com/security/cve/CVE-2016-5198", 
"modified": "2016-12-17T00:00:00", "published": "2016-12-17T00:00:00", "id": "ASA-201612-18", "href": "https://security.archlinux.org/ASA-201612-18", "type": "archlinux", "title": "[ASA-201612-18] qt5-webengine: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "\nGoogle Chrome Releases reports:\n\n10 security fixes in this release, including:\n\n[629542] High CVE-2016-5141 Address bar spoofing. Credit to\n\t anonymous\n[626948] High CVE-2016-5142 Use-after-free in Blink. Credit to\n\t anonymous\n[625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to\n\t GiWan Go of Stealien\n[619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to\n\t Ke Liu of Tencent's Xuanwu LAB\n[623406] Medium CVE-2016-5145 Same origin bypass for images in\n\t Blink. Credit to anonymous\n[619414] Medium CVE-2016-5143 Parameter sanitization failure in\n\t DevTools. Credit to Gregory Panakkal\n[618333] Medium CVE-2016-5144 Parameter sanitization failure in\n\t DevTools. 
Credit to Gregory Panakkal\n[633486] CVE-2016-5146: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "edition": 4, "modified": "2016-08-03T00:00:00", "published": "2016-08-03T00:00:00", "id": "958B9CEE-79DA-11E6-BF75-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/958b9cee-79da-11e6-bf75-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "\nGoogle Chrome Releases reports:\n\n33 security fixes in this release\nPlease reference CVE/URL list for details\n\n", "edition": 5, "modified": "2016-08-31T00:00:00", "published": "2016-08-31T00:00:00", "id": "769BA449-79E1-11E6-BF75-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/769ba449-79e1-11e6-bf75-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:05:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "description": "Chromium was updated to 52.0.2743.116 to fix the following security\n issues: (boo#992305)\n\n - CVE-2016-5141: Address bar spoofing (boo#992314)\n - CVE-2016-5142: Use-after-free in Blink (boo#992313)\n - CVE-2016-5139: Heap overflow in pdfium (boo#992311)\n - CVE-2016-5140: Heap overflow in pdfium (boo#992310)\n - CVE-2016-5145: Same origin bypass for 
images in Blink (boo#992320)\n - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319)\n - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315)\n - CVE-2016-5146: Various fixes from internal audits, fuzzing and other\n initiatives (boo#992309)\n\n", "edition": 1, "modified": "2016-08-08T00:08:44", "published": "2016-08-08T00:08:44", "id": "OPENSUSE-SU-2016:1982-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5145", "CVE-2016-5139"], "edition": 1, "description": "Chromium was updated to 52.0.2743.116 to fix the following security\n issues: (boo#992305)\n\n - CVE-2016-5141: Address bar spoofing (boo#992314)\n - CVE-2016-5142: Use-after-free in Blink (boo#992313)\n - CVE-2016-5139: Heap overflow in pdfium (boo#992311)\n - CVE-2016-5140: Heap overflow in pdfium (boo#992310)\n - CVE-2016-5145: Same origin bypass for images in Blink (boo#992320)\n - CVE-2016-5143: Parameter sanitization failure in DevTools (boo#992319)\n - CVE-2016-5144: Parameter sanitization failure in DevTools (boo#992315)\n - CVE-2016-5146: Various fixes from internal audits, fuzzing and other\n initiatives (boo#992309)\n\n", "modified": "2016-08-08T00:10:12", "published": "2016-08-08T00:10:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html", "id": "OPENSUSE-SU-2016:1983-1", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-13T12:38:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", 
"CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "Chromium was updated to 53.0.2785.101 to fix a number of security issues\n and bugs.\n\n The following vulnerabilities were fixed: (boo#996648)\n\n - CVE-2016-5147: Universal XSS in Blink.\n - CVE-2016-5148: Universal XSS in Blink.\n - CVE-2016-5149: Script injection in extensions.\n - CVE-2016-5150: Use after free in Blink.\n - CVE-2016-5151: Use after free in PDFium.\n - CVE-2016-5152: Heap overflow in PDFium.\n - CVE-2016-5153: Use after destruction in Blink.\n - CVE-2016-5154: Heap overflow in PDFium.\n - CVE-2016-5155: Address bar spoofing.\n - CVE-2016-5156: Use after free in event bindings.\n - CVE-2016-5157: Heap overflow in PDFium.\n - CVE-2016-5158: Heap overflow in PDFium.\n - CVE-2016-5159: Heap overflow in PDFium.\n - CVE-2016-5161: Type confusion in Blink.\n - CVE-2016-5162: Extensions web accessible resources bypass.\n - CVE-2016-5163: Address bar spoofing.\n - CVE-2016-5164: Universal XSS using DevTools.\n - CVE-2016-5165: Script injection in DevTools.\n - CVE-2016-5166: SMB Relay Attack via Save Page As.\n - CVE-2016-5160: Extensions web accessible resources bypass.\n\n The following upstream fixes are included:\n\n - SPDY crasher fixes\n - Disable NV12 DXGI video on AMD\n - Forward --password-store switch to os_crypt\n - Tell the kernel to discard USB requests when they time out.\n - disallow WKBackForwardListItem navigations for pushState pages\n - arc: bluetooth: Fix advertised uuid\n - fix conflicting PendingIntent for stop button and swipe away\n\n A number of tracked build system fixes are included. 
(boo#996032,\n boo#99606, boo#995932)\n\n The following tracked regression fix is included: - Re-enable widevine\n plugin (boo#998328)\n\n rpmlint and rpmlint-mini were updated to work around a memory exhaustion\n problem with this package on 32 bit (boo#969732).\n\n", "edition": 1, "modified": "2016-09-13T13:09:18", "published": "2016-09-13T13:09:18", "id": "OPENSUSE-SU-2016:2296-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T21:22:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\n The following vulnerabilities were fixed: (boo#996648)\n\n - CVE-2016-5147: Universal XSS in Blink.\n - CVE-2016-5148: Universal XSS in Blink.\n - CVE-2016-5149: Script injection in extensions.\n - CVE-2016-5150: Use after free in Blink.\n - CVE-2016-5151: Use after free in PDFium.\n - CVE-2016-5152: Heap overflow in PDFium.\n - CVE-2016-5153: Use after destruction in Blink.\n - CVE-2016-5154: Heap overflow in PDFium.\n - CVE-2016-5155: Address bar spoofing.\n - CVE-2016-5156: Use after free in event bindings.\n - CVE-2016-5157: Heap overflow in PDFium.\n - CVE-2016-5158: Heap overflow in PDFium.\n - CVE-2016-5159: Heap overflow in PDFium.\n - CVE-2016-5161: Type confusion in Blink.\n - CVE-2016-5162: Extensions web accessible resources bypass.\n - CVE-2016-5163: Address bar spoofing.\n - CVE-2016-5164: Universal XSS using DevTools.\n - 
CVE-2016-5165: Script injection in DevTools.\n - CVE-2016-5166: SMB Relay Attack via Save Page As.\n - CVE-2016-5160: Extensions web accessible resources bypass.\n\n A number of tracked build system fixes are included. (boo#996032,\n boo#99606, boo#995932)\n\n", "edition": 1, "modified": "2016-09-06T21:08:26", "published": "2016-09-06T21:08:26", "id": "OPENSUSE-SU-2016:2250-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-06T21:22:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\n The following vulnerabilities were fixed: (boo#996648)\n\n - CVE-2016-5147: Universal XSS in Blink.\n - CVE-2016-5148: Universal XSS in Blink.\n - CVE-2016-5149: Script injection in extensions.\n - CVE-2016-5150: Use after free in Blink.\n - CVE-2016-5151: Use after free in PDFium.\n - CVE-2016-5152: Heap overflow in PDFium.\n - CVE-2016-5153: Use after destruction in Blink.\n - CVE-2016-5154: Heap overflow in PDFium.\n - CVE-2016-5155: Address bar spoofing.\n - CVE-2016-5156: Use after free in event bindings.\n - CVE-2016-5157: Heap overflow in PDFium.\n - CVE-2016-5158: Heap overflow in PDFium.\n - CVE-2016-5159: Heap overflow in PDFium.\n - CVE-2016-5161: Type confusion in Blink.\n - CVE-2016-5162: Extensions web accessible resources bypass.\n - CVE-2016-5163: Address bar spoofing.\n - CVE-2016-5164: Universal XSS using DevTools.\n - CVE-2016-5165: Script injection in DevTools.\n - CVE-2016-5166: 
SMB Relay Attack via Save Page As.\n - CVE-2016-5160: Extensions web accessible resources bypass.\n\n A number of tracked build system fixes are included. (boo#996032,\n boo#99606, boo#995932)\n\n", "edition": 1, "modified": "2016-09-06T21:09:12", "published": "2016-09-06T21:09:12", "id": "SUSE-SU-2016:2251-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5139", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5142", "CVE-2016-5143", "CVE-2016-5144", "CVE-2016-5145"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2016-08-12T19:41:52", "published": "2016-08-12T19:41:52", "id": "FEDORA:E587460A98E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: chromium-52.0.2743.116-1.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166", "CVE-2016-5167"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2016-09-10T20:56:09", "published": "2016-09-10T20:56:09", "id": "FEDORA:0427F60776C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: chromium-53.0.2785.101-1.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166", "CVE-2016-5167"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2016-09-13T18:23:58", "published": "2016-09-13T18:23:58", "id": "FEDORA:A3BAB60A587D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: chromium-53.0.2785.101-1.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166", "CVE-2016-5167", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5173", "CVE-2016-5174", "CVE-2016-5175", "CVE-2016-5177", "CVE-2016-5178"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2016-10-13T02:56:44", "published": "2016-10-13T02:56:44", "id": "FEDORA:9564E60FAFF7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: chromium-53.0.2785.143-1.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "description": "Qt5 - QtWebEngine components. 
", "modified": "2017-07-23T21:52:43", "published": "2017-07-23T21:52:43", "id": "FEDORA:E68A1603A526", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update:\n qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:56:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5142", "CVE-2016-5144", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5143", "CVE-2016-5146", "CVE-2016-5139"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3645-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nAugust 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-5139 CVE-2016-5140 CVE-2016-5141 CVE-2016-5142\n CVE-2016-5143 CVE-2016-5144\n\nSeveral vulnerabilites have been discovered in the chromium web browser.\n\nCVE-2016-5139\n\n GiWan Go discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5140\n\n Ke Liu discovered a use-after-free issue in the pdfium library.\n\nCVE-2016-5141\n\n Sergey Glazunov discovered a URL spoofing issue.\n\nCVE-2016-5142\n\n Sergey Glazunov discovered a use-after-free issue.\n\nCVE-2016-5143\n\n Gregory Panakkal discovered an issue in the developer tools.\n\nCVE-2016-5144\n\n Gregory Panakkal discovered another issue in the developer tools.\n\nCVE-2016-5146\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.116-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 52.0.2743.116-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther 
information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-08-09T01:05:24", "published": "2016-08-09T01:05:24", "id": "DEBIAN:DSA-3645-1:C2CC4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00223.html", "title": "[SECURITY] [DSA 3645-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T00:51:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5158", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5162", "CVE-2016-5156", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5163", "CVE-2016-5161", "CVE-2016-5147", "CVE-2016-5160", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5150", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5166", "CVE-2016-5159"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3660-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nSeptember 05, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-5147 CVE-2016-5148 CVE-2016-5149 CVE-2016-5150\n CVE-2016-5151 CVE-2016-5152 CVE-2016-5153 CVE-2016-5154\n CVE-2016-5155 CVE-2016-5156 CVE-2016-5157 CVE-2016-5158\n CVE-2016-5159 CVE-2016-5160 CVE-2016-5161 CVE-2016-5162\n CVE-2016-5163 CVE-2016-5164 CVE-2016-5165 CVE-2016-5166\n CVE-2016-5167\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-5147\n\n A cross-site scripting issue was discovered.\n\nCVE-2016-5148\n\n Another cross-site scripting issue was discovered.\n\nCVE-2016-5149\n\n Max Justicz discovered a script injection 
issue in extension handling.\n\nCVE-2016-5150\n\n A use-after-free issue was discovered in Blink/Webkit.\n\nCVE-2016-5151\n\n A use-after-free issue was discovered in the pdfium library.\n\nCVE-2016-5152\n\n GiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5153\n\n Atte Kettunen discovered a use-after-destruction issue.\n\nCVE-2016-5154\n\n A heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5155\n\n An address bar spoofing issue was discovered.\n\nCVE-2016-5156\n\n jinmo123 discovered a use-after-free issue.\n\nCVE-2016-5157\n\n A heap overflow issue was discovered in the pdfium library.\n\nCVE-2016-5158\n\n GiWan Go discovered a heap overflow issue in the pdfium library.\n\nCVE-2016-5159\n\n GiWan Go discovered another heap overflow issue in the pdfium library.\n\nCVE-2016-5160\n\n @l33terally discovered an extensions resource bypass.\n\nCVE-2016-5161\n\n A type confusion issue was discovered.\n\nCVE-2016-5162\n\n Nicolas Golubovic discovered an extensions resource bypass.\n\nCVE-2016-5163\n\n Rafay Baloch discovered an address bar spoofing issue.\n\nCVE-2016-5164\n\n A cross-site scripting issue was discovered in the developer tools.\n\nCVE-2016-5165\n\n Gregory Panakkal discovered a script injection issue in the developer\n tools.\n\nCVE-2016-5166\n\n Gregory Panakkal discovered an issue with the Save Page As feature.\n\nCVE-2016-5167\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 53.0.2785.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: 
https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-09-05T23:17:53", "published": "2016-09-05T23:17:53", "id": "DEBIAN:DSA-3660-1:1027C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00239.html", "title": "[SECURITY] [DSA 3660-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:49", "bulletinFamily": "info", "cvelist": ["CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166"], "description": "Google continued its onslaught of summer Chrome patches Wednesday when it pushed out [version 53](<http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html>) of the browser, fixing 33 bugs, half of which were rated \u201chigh\u201d severity by the company.\n\nGoogle paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time through. The company is still determining how much to award several researchers who found bugs, while two vulnerabilities marked Wednesday were ultimately not applicable to the company\u2019s bug bounty program.\n\nThe vulnerabilities that received the highest payout \u2013 $7,500 each \u2013 were two cross site scripting vulnerabilities in Blink, a web browser engine present in the browser, and a script injection vulnerability in the browser\u2019s extensions functionality. 
The rest of the vulnerabilities branded \u201chigh\u201d severity were mostly heap overflows in PDFium, Chrome\u2019s default PDF reader.\n\nThe update also fixes two address-spoofing vulnerabilities, including one [uncovered by researcher Rafay Baloch a few weeks ago](<https://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/119951/>). The flaw stemmed from how browsers\u2019 address bars mishandled Unicode characters such as \u201c|\u201d in Arabic and Hebrew. Mozilla paid Baloch a $1,000 reward in August for disclosing [how the issue affected Firefox](<https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/>). It appears the vulnerability, marked \u201cmedium\u201d severity by Chrome\u2019s Security Team, netted Baloch $3,000 from Google. Details around the second address spoofing vulnerability, credited to \u201canonymous\u201d are scant.\n\nChrome has seen a steady uptick in patches over the past few months. Last month\u2019s update \u2013 version 52 \u2013 [saw 48 bugs fixed](<https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/>) by the company; May\u2019s update saw [42 bugs fixed](<https://threatpost.com/researcher-pockets-30000-in-chrome-bounties/118337/>).\n\nHere\u2019s the full list of bugs fixed in Chrome 53 that earned rewards:\n\n[$7500][[628942](<https://crbug.com/628942>)] High CVE-2016-5147: Universal XSS in Blink. Credit to anonymous \n[$7500][[621362](<https://crbug.com/621362>)] High CVE-2016-5148: Universal XSS in Blink. Credit to anonymous \n[$7500][[573131](<https://crbug.com/573131>)] High CVE-2016-5149: Script injection in extensions. Credit to Max Justicz (http://web.mit.edu/maxj/www/) \n[$5000][[637963](<https://crbug.com/637963>)] High CVE-2016-5150: Use after free in Blink. Credit to anonymous \n[$5000][[634716](<https://crbug.com/634716>)] High CVE-2016-5151: Use after free in PDFium. 
Credit to anonymous \n[$5000][[629919](<https://crbug.com/629919>)] High CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien \n[$3500][[631052](<https://crbug.com/631052>)] High CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen of OUSPG \n[$3000][[633002](<https://crbug.com/633002>)] High CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous \n[$3000][[630662](<https://crbug.com/630662>)] High CVE-2016-5155: Address bar spoofing. Credit to anonymous \n[$3000][[625404](<https://crbug.com/625404>)] High CVE-2016-5156: Use after free in event bindings. Credit to jinmo123 \n[$TBD][[632622](<https://crbug.com/632622>)] High CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous \n[$TBD][[628890](<https://crbug.com/628890>)] High CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go of Stealien \n[$TBD][[628304](<https://crbug.com/628304>)] High CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go of Stealien \n[$n/a][[622420](<https://crbug.com/622420>)] Medium CVE-2016-5161: Type confusion in Blink. Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro\u2019s Zero Day Initiative \n[$n/a][[589237](<https://crbug.com/589237>)] Medium CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic \n[$3000][[609680](<https://crbug.com/609680>)] Medium CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net) \n[$2000][[637594](<https://crbug.com/637594>)] Medium CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous \n[$1000][[618037](<https://crbug.com/618037>)] Medium CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal \n[$TBD][[616429](<https://crbug.com/616429>)] Medium CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal \n[$500][[576867](<https://crbug.com/576867>)] Low CVE-2016-5160: Extensions web accessible resources bypass. 
Credit to @l33terally, FogMarks.com (@FogMarks)\n", "modified": "2016-09-01T15:52:59", "published": "2016-09-01T11:52:59", "id": "THREATPOST:9D62A191FD1560CDB2BAB98249AC99F1", "href": "https://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-other-bugs/120305/", "type": "threatpost", "title": "Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-10-29T16:42:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5129", "CVE-2016-5183", "CVE-2016-5134", "CVE-2016-5158", "CVE-2016-5182", "CVE-2016-5142", "CVE-2016-5130", "CVE-2016-5191", "CVE-2016-5164", "CVE-2016-5186", "CVE-2016-5177", "CVE-2016-5184", "CVE-2016-5165", "CVE-2016-5189", "CVE-2016-5162", "CVE-2016-5144", "CVE-2016-5156", "CVE-2016-5173", "CVE-2016-5154", "CVE-2016-5151", "CVE-2016-5140", "CVE-2016-5171", "CVE-2016-5194", "CVE-2016-5141", "CVE-2016-5133", "CVE-2016-5143", "CVE-2016-5170", "CVE-2016-5163", "CVE-2016-5174", "CVE-2016-5161", "CVE-2016-5146", "CVE-2016-5147", "CVE-2016-5185", "CVE-2016-5193", "CVE-2016-5175", "CVE-2016-5131", "CVE-2016-5190", "CVE-2016-5138", "CVE-2016-5181", "CVE-2016-5160", "CVE-2016-5135", "CVE-2016-5145", "CVE-2016-5136", "CVE-2016-5167", "CVE-2016-5153", "CVE-2016-5148", "CVE-2016-5155", "CVE-2016-5157", "CVE-2016-5128", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5132", "CVE-2016-5172", "CVE-2016-5150", "CVE-2016-5178", "CVE-2016-5139", "CVE-2016-5149", "CVE-2016-5152", "CVE-2016-5137", "CVE-2016-5127", "CVE-2016-5187", "CVE-2016-5166", "CVE-2016-5159"], "edition": 1, "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-54.0.2840.59\"", "modified": "2016-10-29T00:00:00", "published": "2016-10-29T00:00:00", "href": "https://security.gentoo.org/glsa/201610-09", "id": "GLSA-201610-09", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2020-06-22T11:40:31", "bulletinFamily": "info", "cvelist": ["CVE-2016-5161"], "edition": 3, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the StylePropertySerializer class. By manipulating a document's elements an attacker can trigger a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "modified": "2016-06-22T00:00:00", "published": "2016-09-01T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-501/", "id": "ZDI-16-501", "title": "Google Chrome StylePropertySerializer Type Confusion Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}