Lucene search
Copyright (C) 2017 Greenbone Networks GmbHOPENVAS:1361412562310810588HistoryMar 10, 2017 - 12:00 a.m.
Google Chrome Security Updates(stable-channel-update-for-desktop-2017-03)-MAC OS X
2017-03-1000:00:00
Copyright (C) 2017 Greenbone Networks GmbH
plugins.openvas.org
7
0.49 Medium
EPSS
Percentile
97.2%
The host is installed with Google Chrome
and is prone to multiple vulnerabilities.
##############################################################################
# OpenVAS Vulnerability Test
#
# Google Chrome Security Updates(stable-channel-update-for-desktop-2017-03)-MAC OS X
#
# Authors:
# Rinu Kuriakose <[email protected]>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:google:chrome";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.810588");
script_version("2019-07-17T08:15:16+0000");
script_cve_id("CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5029",
"CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037",
"CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5033",
"CVE-2017-5042", "CVE-2017-5038", "CVE-2017-5043", "CVE-2017-5044",
"CVE-2017-5045", "CVE-2017-5046");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)");
script_tag(name:"creation_date", value:"2017-03-10 10:42:40 +0530 (Fri, 10 Mar 2017)");
script_name("Google Chrome Security Updates(stable-channel-update-for-desktop-2017-03)-MAC OS X");
script_tag(name:"summary", value:"The host is installed with Google Chrome
and is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The multiple flaws exists due to,
- A memory corruption error in V8.
- An use after free error in ANGLE.
- An out of bounds write error in PDFium.
- An integer overflow error in libxslt.
- An use after free error in PDFium.
- An incorrect security UI in Omnibox.
- Multiple out of bounds writes errors in ChunkDemuxer.
- Multiple information disclosure errors in V8, XSS Auditor and Blink..
- An address spoofing in Omnibox.
- Bypass of Content Security Policy in Blink.
- An incorrect handling of cookies in Cast.
- Multiple use after free errors in GuestView.
- A heap overflow error in Skia.
- The various fixes from internal audits, fuzzing and other initiatives.");
script_tag(name:"impact", value:"Successful exploitation of these
vulnerabilities will allow remote attackers to execute arbitrary code, conduct
spoofing attacks, bypass security and cause denial of service.");
script_tag(name:"affected", value:"Google Chrome version
prior to 57.0.2987.98 on MAC OS X");
script_tag(name:"solution", value:"Upgrade to Google Chrome version
57.0.2987.98 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_google_chrome_detect_macosx.nasl");
script_mandatory_keys("GoogleChrome/MacOSX/Version");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!chr_ver = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:chr_ver, test_version:"57.0.2987.98"))
{
report = report_fixed_ver(installed_version:chr_ver, fixed_version:"57.0.2987.98");
security_message(data:report);
exit(0);
}Related
openvas
openvas
openSUSE: Security Advisory for Chromium (openSUSE-SU-2017:0738-1)
2017-03-18 00:00:00
Google Chrome Security Updates(stable-channel-update-for-desktop-2017-03)-Windows
2017-03-10 00:00:00
Debian Security Advisory DSA 3810-1 (chromium-browser - security update)
2017-03-15 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (a505d397-0758-11e7-8d8b-e8e0b747a45a)
2017-03-13 00:00:00
openSUSE Security Update : Chromium (openSUSE-2017-353)
2017-03-20 00:00:00
Google Chrome < 57.0.2987.98 Multiple Vulnerabilities (macOS)
2017-03-14 00:00:00
archlinux
archlinux
[ASA-201703-4] chromium: multiple issues
2017-03-11 00:00:00
[ASA-201703-5] libxslt: arbitrary code execution
2017-03-12 00:00:00
suse
suse
Security update for Chromium (important)
2017-03-18 00:09:23
Security update for Chromium (important)
2017-03-18 00:08:56
freebsd
freebsd
chromium -- multiple vulnerabilities
2017-03-09 00:00:00
GitLab -- multiple vulnerabilities
2017-09-07 00:00:00
osv
osv
chromium-browser - security update
2017-03-15 00:00:00
Nokogiri implementation of libxslt lacks integer overflow checks
2018-07-31 18:21:29
libxslt - security update
2017-03-23 00:00:00
debian
debian
[SECURITY] [DSA 3810-1] chromium-browser security update
2017-03-15 12:29:29
[SECURITY] [DSA 3810-1] chromium-browser security update
2017-03-15 12:29:29
[SECURITY] [DLA 866-1] libxslt security update
2017-03-23 13:20:26
redhat
redhat
(RHSA-2017:0499) Important: chromium-browser security update
2017-03-14 06:03:42
ubuntu
ubuntu
Oxide vulnerabilities
2017-03-29 00:00:00
Libxslt vulnerabilities
2017-04-28 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2017-03-09 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2017-04-10 00:00:00
libxslt: Multiple vulnerabilities
2018-04-04 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2017-04-21 10:24:22
Updated libxslt packages fix security vulnerability
2017-05-02 09:37:59
threatpost
threatpost
Google Chrome 57 Browser Update Patches 'High' Severity Flaws
2017-03-10 11:43:32
cve
cve
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2017-04-24 23:59:00
Design/Logic Flaw
2017-04-24 23:59:00
Design/Logic Flaw
2017-04-24 23:59:00
redhatcve
redhatcve
debiancve
debiancve
attackerkb
attackerkb
CVE-2017-5030
2017-04-24 00:00:00
cisa_kev
cisa_kev
Google Chromium V8 Memory Corruption Vulnerability
2022-06-08 00:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Google Chrome Browser V8 Memory Corruption (CVE-2017-5030)
2022-07-20 00:00:00
kaspersky
kaspersky
mozilla
mozilla
Use after free in ANGLE — Mozilla
2017-05-05 00:00:00
github
github
Nokogiri implementation of libxslt lacks integer overflow checks
2018-07-31 18:21:29
alpinelinux
alpinelinux
CVE-2017-5029
2017-04-24 23:59:00
fedora
fedora
[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.9.0-4.fc26
2017-07-06 22:53:47
[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.9.0-4.fc25
2017-07-12 03:27:41
talosblog
talosblog
seebug
seebug
Microsoft Edge Content Security Bypass Vulnerability
2017-09-12 00:00:00
talos
talos
Microsoft Edge Content Security Bypass Vulnerability
2017-09-06 00:00:00
rubygems
rubygems
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
2017-05-08 21:00:00
photon
photon
ibm
ibm
apple
apple
About the security content of iCloud for Windows 6.2
2017-03-28 00:00:00
About the security content of iCloud for Windows 6.2 - Apple Support
2017-04-24 06:47:37
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1
2017-05-08 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47