ID OPENVAS:1361412562310842598 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
The remote host is missing an update for the 'oxide-qt' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Ubuntu Update for oxide-qt USN-2860-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Metadata registration. When `description` is set, the script only declares
# its identity, references and prerequisites, then exits at the end of this
# block without running any package comparison.
if(description)
{
# Identity and revision bookkeeping for this check.
script_oid("1.3.6.1.4.1.25623.1.0.842598");
script_version("$Revision: 14140 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2016-01-12 06:22:10 +0100 (Tue, 12 Jan 2016)");
# The five CVEs covered by USN-2860-1; each is described in the "insight" tag below.
script_cve_id("CVE-2015-6789", "CVE-2015-6790", "CVE-2015-6791", "CVE-2015-8548", "CVE-2015-8664");
# Severity is given as a CVSS v2 base vector (the "Au:" metric is v2 syntax).
# NOTE(review): every issue in the "insight" text requires a user to open a
# crafted website; the v2 base vector has no user-interaction metric, so the
# 10.0 score does not reflect that precondition. Weigh it when prioritising.
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
# Detection quality is declared as "package": the finding comes from comparing
# installed package versions, not from probing the flaws themselves.
script_tag(name:"qod_type", value:"package");
script_name("Ubuntu Update for oxide-qt USN-2860-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'oxide-qt'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
# Advisory text, one paragraph per CVE. Note which issues are confined to the
# sandboxed render process and which run with the invoking user's privileges.
script_tag(name:"insight", value:"A race condition was discovered in the
MutationObserver implementation in Blink. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to cause
a denial of service via renderer crash, or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2015-6789)
An issue was discovered with the page serializer in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to inject arbitrary script or HTML.
(CVE-2015-6790)
Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-6791)
Multiple security issues were discovered in V8. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-8548)
An integer overflow was discovered in the WebCursor::Deserialize function
in Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-8664)");
script_tag(name:"affected", value:"oxide-qt on Ubuntu 15.10,
Ubuntu 15.04,
Ubuntu 14.04 LTS");
# Remediation is the vendor package update referenced by the USN below.
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"USN", value:"2860-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-2860-1/");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
# Prerequisites: the package-list gathering script must have run, and the
# knowledge base must hold the SSH login keys plus a release string matching
# Ubuntu 15.04, 14.04 LTS or 15.10.
# NOTE(review): these keys are presumably only populated by an authenticated
# (SSH) scan; if so, an unauthenticated scan yields no result from this check,
# which must not be read as "patched". Confirm against the scan configuration.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(15\.04|14\.04 LTS|15\.10)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Fetch the release string for the target; without it there is nothing to
# compare against, so stop quietly.
release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";

# Select the fixed package version and the package probe order for the
# detected release. The order differs between releases and is kept as is,
# because the first vulnerable package found is the one that gets reported.
fixed_ver = "";
pkg_order = NULL;

if(release == "UBUNTU15.04")
{
  fixed_ver = "1.11.4-0ubuntu0.15.04.1";
  pkg_order = make_list("liboxideqtcore0:i386", "liboxideqtcore0:amd64");
}
else if(release == "UBUNTU14.04 LTS")
{
  fixed_ver = "1.11.4-0ubuntu0.14.04.1";
  pkg_order = make_list("liboxideqtcore0:amd64", "liboxideqtcore0:i386");
}
else if(release == "UBUNTU15.10")
{
  fixed_ver = "1.11.4-0ubuntu0.15.10.1";
  pkg_order = make_list("liboxideqtcore0:amd64", "liboxideqtcore0:i386");
}

# Releases outside the three above are not handled: the script falls through
# without reporting anything.
if(!isnull(pkg_order))
{
  foreach pkg_name (pkg_order)
  {
    # isdpkgvuln() yields report text when the installed package is older
    # than fixed_ver, and NULL otherwise.
    res = isdpkgvuln(pkg:pkg_name, ver:fixed_ver, rls:release);
    if(res != NULL)
    {
      # Report the first vulnerable package and stop; the other architecture
      # is not checked once a finding has been raised.
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not set in this file (presumably by pkg-lib-deb.inc when a
  # probed package is installed). Exit code 99 separates "package present and
  # not vulnerable" from "package not found" (plain exit(0)).
  if (__pkg_match) exit(99);
  exit(0);
}
{"id": "OPENVAS:1361412562310842598", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for oxide-qt USN-2860-1", "description": "The remote host is missing an update for the ", "published": "2016-01-12T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842598", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-2860-1/", "2860-1"], "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-8664", "CVE-2015-6791", "CVE-2015-6790"], "lastseen": "2019-05-29T18:35:17", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_47_0_2526_80.NASL", "DEBIAN_DSA-3418.NASL", "UBUNTU_USN-2860-1.NASL", "OPENSUSE-2015-912.NASL", "FREEBSD_PKG_72C145DFA1E011E58AD000262D5ED8EE.NASL", "GENTOO_GLSA-201603-09.NASL", "GOOGLE_CHROME_47_0_2526_80.NASL", "REDHAT-RHSA-2015-2618.NASL"]}, {"type": "ubuntu", "idList": ["USN-2860-1"]}, {"type": "openvas", "idList": ["OPENVAS:703418", "OPENVAS:1361412562310806928", "OPENVAS:1361412562310703418", "OPENVAS:1361412562310806929", "OPENVAS:1361412562310806803", "OPENVAS:1361412562310851143", "OPENVAS:1361412562310806930", "OPENVAS:1361412562310131150", "OPENVAS:1361412562310806802", "OPENVAS:1361412562310806804"]}, {"type": "cve", "idList": ["CVE-2015-8664", "CVE-2015-8548", "CVE-2015-6789", "CVE-2015-6790", "CVE-2015-6791"]}, {"type": "kaspersky", "idList": ["KLA10722", "KLA10712"]}, {"type": "redhat", "idList": ["RHSA-2015:2618", "RHSA-2015:2665"]}, {"type": "threatpost", "idList": ["THREATPOST:7000BE0D70DE94C2C75446C41D6C49A7"]}, {"type": "freebsd", "idList": ["72C145DF-A1E0-11E5-8AD0-00262D5ED8EE"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3418-1:13F13"]}, {"type": "archlinux", "idList": ["ASA-201512-5"]}, {"type": "exploitdb", "idList": ["EDB-ID:39039"]}, {"type": "zdt", "idList": 
["1337DAY-ID-25743"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:2291-1", "OPENSUSE-SU-2015:2290-1"]}, {"type": "gentoo", "idList": ["GLSA-201603-09"]}], "modified": "2019-05-29T18:35:17", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2019-05-29T18:35:17", "rev": 2}, "vulnersScore": 8.7}, "pluginID": "1361412562310842598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2860-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842598\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-12 06:22:10 +0100 (Tue, 12 Jan 2016)\");\n script_cve_id(\"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-8548\", \"CVE-2015-8664\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-2860-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A race condition was discovered in the\n MutationObserver implementation in Blink. If a user were tricked in to opening\n a specially crafted website, an attacker could potentially exploit this to cause\n a denial of service via renderer crash, or execute arbitrary code with the\n privileges of the sandboxed render process. (CVE-2015-6789)\n\n An issue was discovered with the page serializer in Blink. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to inject arbitrary script or HTML.\n (CVE-2015-6790)\n\n Multiple security issues were discovered in Chromium. 
If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit these to read uninitialized memory, cause a denial\n of service via application crash or execute arbitrary code with the\n privileges of the user invoking the program. (CVE-2015-6791)\n\n Multiple security issues were discovered in V8. If a user were tricked\n in to opening a specially crafted website, an attacker could potentially\n exploit these to read uninitialized memory, cause a denial of service via\n renderer crash or execute arbitrary code with the privileges of the\n sandboxed render process. (CVE-2015-8548)\n\n An integer overflow was discovered in the WebCursor::Deserialize function\n in Chromium. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial of\n service via application crash, or execute arbitrary code with the\n privileges of the user invoking the program. (CVE-2015-8664)\");\n\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2860-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2860-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.11.4-0ubuntu0.15.04.1\", 
rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.11.4-0ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.11.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.11.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.11.4-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.11.4-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks", "immutableFields": []}
{"ubuntu": [{"lastseen": "2020-07-02T11:41:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-8664", "CVE-2015-6791", "CVE-2015-6790"], "description": "A race condition was discovered in the MutationObserver implementation in \nBlink. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit this to cause a denial of service \nvia renderer crash, or execute arbitrary code with the privileges of the \nsandboxed render process. (CVE-2015-6789)\n\nAn issue was discovered with the page serializer in Blink. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to inject arbitrary script or HTML. \n(CVE-2015-6790)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-6791)\n\nMultiple security issues were discovered in V8. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit these to read uninitialized memory, cause a denial of service via \nrenderer crash or execute arbitrary code with the privileges of the \nsandboxed render process. (CVE-2015-8548)\n\nAn integer overflow was discovered in the WebCursor::Deserialize function \nin Chromium. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code with the \nprivileges of the user invoking the program. 
(CVE-2015-8664)", "edition": 5, "modified": "2016-01-11T00:00:00", "published": "2016-01-11T00:00:00", "id": "USN-2860-1", "href": "https://ubuntu.com/security/notices/USN-2860-1", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T15:29:20", "description": "A race condition was discovered in the MutationObserver implementation\nin Blink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash, or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-6789)\n\nAn issue was discovered with the page serializer in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to inject arbitrary script or HTML.\n(CVE-2015-6790)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-6791)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-8548)\n\nAn integer overflow was discovered in the WebCursor::Deserialize\nfunction in Chromium. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking the program. 
(CVE-2015-8664).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-01-12T00:00:00", "title": "Ubuntu 14.04 LTS / 15.04 / 15.10 : oxide-qt vulnerabilities (USN-2860-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-8664", "CVE-2015-6791", "CVE-2015-6790"], "modified": "2016-01-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2860-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2860-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87868);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-8548\", \"CVE-2015-8664\");\n script_xref(name:\"USN\", value:\"2860-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 / 15.10 : oxide-qt vulnerabilities (USN-2860-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition was discovered in the MutationObserver implementation\nin Blink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash, or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-6789)\n\nAn issue was discovered with the page serializer in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to inject arbitrary script or HTML.\n(CVE-2015-6790)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-6791)\n\nMultiple security issues were discovered in V8. 
If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-8548)\n\nAn integer overflow was discovered in the WebCursor::Deserialize\nfunction in Chromium. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2015-8664).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2860-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.11.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.11.4-0ubuntu0.15.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.11.4-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:09:28", "description": "Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash,\nexecute arbitrary code, or disclose sensitive information when visited\nby the victim. 
(CVE-2015-6788, CVE-2015-6789, CVE-2015-6790,\nCVE-2015-6791)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 47.0.2526.80, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.", "edition": 20, "published": "2015-12-14T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2015:2618)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "modified": "2015-12-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-2618.NASL", "href": "https://www.tenable.com/plugins/nessus/87336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2618. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87336);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-8548\");\n script_xref(name:\"RHSA\", value:\"2015:2618\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:2618)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash,\nexecute arbitrary code, or disclose sensitive information when visited\nby the victim. 
(CVE-2015-6788, CVE-2015-6789, CVE-2015-6790,\nCVE-2015-6791)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 47.0.2526.80, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # http://googlechromereleases.blogspot.com/2015/12/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/12/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-6789\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2618\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-47.0.2526.80-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-47.0.2526.80-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-47.0.2526.80-1.el6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-47.0.2526.80-1.el6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:45:39", "description": "Google Chrome Releases reports :\n\n7 security fixes in this release, including :\n\n- [548273] High 
CVE-2015-6788: Type confusion in extensions. Credit to\nanonymous.\n\n- [557981] High CVE-2015-6789: Use-after-free in Blink. Credit to\ncloudfuzzer.\n\n- [542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit\nto Inti De Ceukelaire.\n\n- [567513] CVE-2015-6791: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch\n(currently 4.7.80.23).", "edition": 21, "published": "2015-12-15T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (72c145df-a1e0-11e5-8ad0-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "modified": "2015-12-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium-npapi", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_72C145DFA1E011E58AD000262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/87362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87362);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (72c145df-a1e0-11e5-8ad0-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n7 security fixes in this release, including :\n\n- [548273] High CVE-2015-6788: Type confusion in extensions. 
Credit to\nanonymous.\n\n- [557981] High CVE-2015-6789: Use-after-free in Blink. Credit to\ncloudfuzzer.\n\n- [542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit\nto Inti De Ceukelaire.\n\n- [567513] CVE-2015-6791: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch\n(currently 4.7.80.23).\"\n );\n # http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39e3f724\"\n );\n # https://vuxml.freebsd.org/freebsd/72c145df-a1e0-11e5-8ad0-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?939dbf09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<47.0.2526.80\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<47.0.2526.80\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<47.0.2526.80\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:20", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2015-6788\n A type confusion issue was discovered in the handling of\n extensions.\n\n - CVE-2015-6789\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2015-6790\n Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.\n\n - CVE-2015-6791\n The chrome 47 development team found and fixed various\n issues during internal auditing. 
Also multiple issues\n were fixed in the v8 JavaScript library, version\n 4.7.80.23.", "edition": 22, "published": "2015-12-15T00:00:00", "title": "Debian DSA-3418-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "modified": "2015-12-15T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:chromium-browser"], "id": "DEBIAN_DSA-3418.NASL", "href": "https://www.tenable.com/plugins/nessus/87360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3418. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87360);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n script_xref(name:\"DSA\", value:\"3418\");\n\n script_name(english:\"Debian DSA-3418-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2015-6788\n A type confusion issue was discovered in the handling of\n extensions.\n\n - CVE-2015-6789\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2015-6790\n Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.\n\n - CVE-2015-6791\n The chrome 47 development team found and fixed various\n issues during internal auditing. 
Also multiple issues\n were fixed in the v8 JavaScript library, version\n 4.7.80.23.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-6791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3418\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 47.0.2526.80-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"47.0.2526.80-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"47.0.2526.80-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"47.0.2526.80-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"47.0.2526.80-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"47.0.2526.80-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:00", "description": "Chromium was updated to 47.0.2526.80 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-6788: Type confusion in extensions\n\n - CVE-2015-6789: Use-after-free in Blink\n\n - CVE-2015-6790: Escaping issue in saved pages\n\n - CVE-2015-6791: Various fixes from internal audits,\n fuzzing and other initiatives\n\nThe following vulnerabilities were fixed in 47.0.2526.73 :\n\n - CVE-2015-6765: Use-after-free in AppCache\n\n - CVE-2015-6766: Use-after-free in AppCache\n\n - CVE-2015-6767: Use-after-free in AppCache\n\n - CVE-2015-6768: Cross-origin bypass in 
DOM\n\n - CVE-2015-6769: Cross-origin bypass in core\n\n - CVE-2015-6770: Cross-origin bypass in DOM\n\n - CVE-2015-6771: Out of bounds access in v8\n\n - CVE-2015-6772: Cross-origin bypass in DOM\n\n - CVE-2015-6764: Out of bounds access in v8\n\n - CVE-2015-6773: Out of bounds access in Skia\n\n - CVE-2015-6774: Use-after-free in Extensions\n\n - CVE-2015-6775: Type confusion in PDFium\n\n - CVE-2015-6776: Out of bounds access in PDFium\n\n - CVE-2015-6777: Use-after-free in DOM\n\n - CVE-2015-6778: Out of bounds access in PDFium\n\n - CVE-2015-6779: Scheme bypass in PDFium\n\n - CVE-2015-6780: Use-after-free in Infobars\n\n - CVE-2015-6781: Integer overflow in Sfntly\n\n - CVE-2015-6782: Content spoofing in Omnibox\n\n - CVE-2015-6783: Signature validation issue in Android\n Crazy Linker.\n\n - CVE-2015-6784: Escaping issue in saved pages\n\n - CVE-2015-6785: Wildcard matching issue in CSP\n\n - CVE-2015-6786: Scheme bypass in CSP\n\n - CVE-2015-6787: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Multiple vulnerabilities in V8 fixed at the tip of the\n 4.7 branch (currently 4.7.80.23)", "edition": 17, "published": "2015-12-18T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2015-912)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6776", "CVE-2015-6775", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6764", "CVE-2015-6770", "CVE-2015-6781", "CVE-2015-6771", "CVE-2015-6784", "CVE-2015-6774", "CVE-2015-6778", "CVE-2015-6772", "CVE-2015-6767", "CVE-2015-6783", "CVE-2015-6787", "CVE-2015-6786", "CVE-2015-6791", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6768", "CVE-2015-6765", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-6777", "CVE-2015-6782"], "modified": "2015-12-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", 
"p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2015-912.NASL", "href": "https://www.tenable.com/plugins/nessus/87488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-912.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87488);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2015-912)\");\n script_summary(english:\"Check for the openSUSE-2015-912 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 47.0.2526.80 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - 
CVE-2015-6788: Type confusion in extensions\n\n - CVE-2015-6789: Use-after-free in Blink\n\n - CVE-2015-6790: Escaping issue in saved pages\n\n - CVE-2015-6791: Various fixes from internal audits,\n fuzzing and other initiatives\n\nThe following vulnerabilities were fixed in 47.0.2526.73 :\n\n - CVE-2015-6765: Use-after-free in AppCache\n\n - CVE-2015-6766: Use-after-free in AppCache\n\n - CVE-2015-6767: Use-after-free in AppCache\n\n - CVE-2015-6768: Cross-origin bypass in DOM\n\n - CVE-2015-6769: Cross-origin bypass in core\n\n - CVE-2015-6770: Cross-origin bypass in DOM\n\n - CVE-2015-6771: Out of bounds access in v8\n\n - CVE-2015-6772: Cross-origin bypass in DOM\n\n - CVE-2015-6764: Out of bounds access in v8\n\n - CVE-2015-6773: Out of bounds access in Skia\n\n - CVE-2015-6774: Use-after-free in Extensions\n\n - CVE-2015-6775: Type confusion in PDFium\n\n - CVE-2015-6776: Out of bounds access in PDFium\n\n - CVE-2015-6777: Use-after-free in DOM\n\n - CVE-2015-6778: Out of bounds access in PDFium\n\n - CVE-2015-6779: Scheme bypass in PDFium\n\n - CVE-2015-6780: Use-after-free in Infobars\n\n - CVE-2015-6781: Integer overflow in Sfntly\n\n - CVE-2015-6782: Content spoofing in Omnibox\n\n - CVE-2015-6783: Signature validation issue in Android\n Crazy Linker.\n\n - CVE-2015-6784: Escaping issue in saved pages\n\n - CVE-2015-6785: Wildcard matching issue in CSP\n\n - CVE-2015-6786: Scheme bypass in CSP\n\n - CVE-2015-6787: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Multiple vulnerabilities in V8 fixed at the tip of the\n 4.7 branch (currently 4.7.80.23)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958481\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-47.0.2526.80-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-47.0.2526.80-61.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-47.0.2526.80-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-debuginfo-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-47.0.2526.80-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-debuginfo-47.0.2526.80-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:20:44", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 47.0.2526.80. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists related to extensions that\n allows an attacker to have an unspecified impact.\n (CVE-2015-6788)\n\n - A use-after-free error exists in Blink that is triggered\n when handling updates. An unauthenticated, remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-6789)\n\n - An unspecified escaping issue exists in saved pages.\n (CVE-2015-6790)\n\n - Multiple unspecified vulnerabilities exist that an\n attacker can exploit to have an unspecified impact.\n (CVE-2015-6791)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-8438, CVE-2015-8446)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8045,\n CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,\n CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,\n CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,\n CVE-2015-8451, CVE-2015-8455)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to write arbitrary data to the file\n system under user permissions. (CVE-2015-8453,\n CVE-2015-8440, CVE-2015-8409)\n\n - A stack buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8407,\n CVE-2015-8457)\n\n - A type confusion error exists that allows an attacker to\n execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8445)\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8415)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. 
(CVE-2015-8048,\n CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,\n CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,\n CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,\n CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,\n CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,\n CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,\n CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,\n CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,\n CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,\n CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,\n CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,\n CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,\n CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,\n CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,\n CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,\n CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,\n CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,\n CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,\n CVE-2015-8454)\n\n - A flaw exists in Google V8 in serialize.cc that is\n triggered when handling alignment for deferred objects.\n An attacker can exploit this to have an unspecified\n impact. 
(CVE-2015-8548)", "edition": 27, "published": "2015-12-08T00:00:00", "title": "Google Chrome < 47.0.2526.80 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8445", "CVE-2015-8058", "CVE-2015-8436", "CVE-2015-8071", "CVE-2015-8452", "CVE-2015-8444", "CVE-2015-8064", "CVE-2015-8447", "CVE-2015-8045", "CVE-2015-8047", "CVE-2015-8441", "CVE-2015-8410", "CVE-2015-8407", "CVE-2015-8405", "CVE-2015-8063", "CVE-2015-8412", "CVE-2015-8548", "CVE-2015-8061", "CVE-2015-8442", "CVE-2015-8065", "CVE-2015-8432", "CVE-2015-8421", "CVE-2015-8435", "CVE-2015-8423", "CVE-2015-8427", "CVE-2015-8062", "CVE-2015-8449", "CVE-2015-8420", "CVE-2015-8402", "CVE-2015-8056", "CVE-2015-8055", "CVE-2015-8439", "CVE-2015-8419", "CVE-2015-8437", "CVE-2015-8417", "CVE-2015-8446", "CVE-2015-8440", "CVE-2015-8413", "CVE-2015-8454", "CVE-2015-8426", "CVE-2015-8406", "CVE-2015-8422", "CVE-2015-8409", "CVE-2015-8411", "CVE-2015-8418", "CVE-2015-8424", "CVE-2015-8403", "CVE-2015-8415", "CVE-2015-8060", "CVE-2015-8070", "CVE-2015-8067", "CVE-2015-6791", "CVE-2015-8448", "CVE-2015-8453", "CVE-2015-6790", "CVE-2015-8049", "CVE-2015-8434", "CVE-2015-6788", "CVE-2015-8066", "CVE-2015-8438", "CVE-2015-8057", "CVE-2015-8050", "CVE-2015-8401", "CVE-2015-8431", "CVE-2015-8059", "CVE-2015-8429", "CVE-2015-8054", "CVE-2015-8451", "CVE-2015-8069", "CVE-2015-8456", "CVE-2015-8404", "CVE-2015-8443", "CVE-2015-8430", "CVE-2015-8450", "CVE-2015-8457", "CVE-2015-8455", "CVE-2015-8414", "CVE-2015-8068", "CVE-2015-8408", "CVE-2015-8425", "CVE-2015-8433", "CVE-2015-8048", "CVE-2015-8428", "CVE-2015-8416"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_47_0_2526_80.NASL", "href": "https://www.tenable.com/plugins/nessus/87245", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87245);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 
2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-6788\",\n \"CVE-2015-6789\",\n \"CVE-2015-6790\",\n \"CVE-2015-6791\",\n \"CVE-2015-8045\",\n \"CVE-2015-8047\",\n \"CVE-2015-8048\",\n \"CVE-2015-8049\",\n \"CVE-2015-8050\",\n \"CVE-2015-8054\",\n \"CVE-2015-8055\",\n \"CVE-2015-8056\",\n \"CVE-2015-8057\",\n \"CVE-2015-8058\",\n \"CVE-2015-8059\",\n \"CVE-2015-8060\",\n \"CVE-2015-8061\",\n \"CVE-2015-8062\",\n \"CVE-2015-8063\",\n \"CVE-2015-8064\",\n \"CVE-2015-8065\",\n \"CVE-2015-8066\",\n \"CVE-2015-8067\",\n \"CVE-2015-8068\",\n \"CVE-2015-8069\",\n \"CVE-2015-8070\",\n \"CVE-2015-8071\",\n \"CVE-2015-8401\",\n \"CVE-2015-8402\",\n \"CVE-2015-8403\",\n \"CVE-2015-8404\",\n \"CVE-2015-8405\",\n \"CVE-2015-8406\",\n \"CVE-2015-8407\",\n \"CVE-2015-8408\",\n \"CVE-2015-8409\",\n \"CVE-2015-8410\",\n \"CVE-2015-8411\",\n \"CVE-2015-8412\",\n \"CVE-2015-8413\",\n \"CVE-2015-8414\",\n \"CVE-2015-8415\",\n \"CVE-2015-8416\",\n \"CVE-2015-8417\",\n \"CVE-2015-8418\",\n \"CVE-2015-8419\",\n \"CVE-2015-8420\",\n \"CVE-2015-8421\",\n \"CVE-2015-8422\",\n \"CVE-2015-8423\",\n \"CVE-2015-8424\",\n \"CVE-2015-8425\",\n \"CVE-2015-8426\",\n \"CVE-2015-8427\",\n \"CVE-2015-8428\",\n \"CVE-2015-8429\",\n \"CVE-2015-8430\",\n \"CVE-2015-8431\",\n \"CVE-2015-8432\",\n \"CVE-2015-8433\",\n \"CVE-2015-8434\",\n \"CVE-2015-8435\",\n \"CVE-2015-8436\",\n \"CVE-2015-8437\",\n \"CVE-2015-8438\",\n \"CVE-2015-8439\",\n \"CVE-2015-8440\",\n \"CVE-2015-8441\",\n \"CVE-2015-8442\",\n \"CVE-2015-8443\",\n \"CVE-2015-8444\",\n \"CVE-2015-8445\",\n \"CVE-2015-8446\",\n \"CVE-2015-8447\",\n \"CVE-2015-8448\",\n \"CVE-2015-8449\",\n \"CVE-2015-8450\",\n \"CVE-2015-8451\",\n \"CVE-2015-8452\",\n \"CVE-2015-8453\",\n \"CVE-2015-8454\",\n \"CVE-2015-8455\",\n \"CVE-2015-8456\",\n \"CVE-2015-8457\",\n \"CVE-2015-8548\"\n );\n script_bugtraq_id(\n 78710,\n 78712,\n 78713,\n 78714,\n 78715,\n 78716,\n 78717,\n 78718,\n 78802\n );\n\n script_name(english:\"Google Chrome < 47.0.2526.80 Multiple 
Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 47.0.2526.80. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists related to extensions that\n allows an attacker to have an unspecified impact.\n (CVE-2015-6788)\n\n - A use-after-free error exists in Blink that is triggered\n when handling updates. An unauthenticated, remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-6789)\n\n - An unspecified escaping issue exists in saved pages.\n (CVE-2015-6790)\n\n - Multiple unspecified vulnerabilities exist that an\n attacker can exploit to have an unspecified impact.\n (CVE-2015-6791)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-8438, CVE-2015-8446)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8045,\n CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,\n CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,\n CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,\n CVE-2015-8451, CVE-2015-8455)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to write arbitrary data to the file\n system under user permissions. (CVE-2015-8453,\n CVE-2015-8440, CVE-2015-8409)\n\n - A stack buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8407,\n CVE-2015-8457)\n\n - A type confusion error exists that allows an attacker to\n execute arbitrary code. 
(CVE-2015-8439, CVE-2015-8456)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8445)\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8415)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8048,\n CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,\n CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,\n CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,\n CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,\n CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,\n CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,\n CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,\n CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,\n CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,\n CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,\n CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,\n CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,\n CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,\n CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,\n CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,\n CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,\n CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,\n CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,\n CVE-2015-8454)\n\n - A flaw exists in Google V8 in serialize.cc that is\n triggered when handling alignment for deferred objects.\n An attacker can exploit this to have an unspecified\n impact. 
(CVE-2015-8548)\");\n # http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6b6361f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 47.0.2526.80 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8548\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'47.0.2526.80', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:47:05", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 47.0.2526.80. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists related to extensions that\n allows an attacker to have an unspecified impact.\n (CVE-2015-6788)\n\n - A use-after-free error exists in Blink that is triggered\n when handling updates. An unauthenticated, remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-6789)\n\n - An unspecified escaping issue exists in saved pages.\n (CVE-2015-6790)\n\n - Multiple unspecified vulnerabilities exist that an\n attacker can exploit to have an unspecified impact.\n (CVE-2015-6791)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-8438, CVE-2015-8446)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8045,\n CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,\n CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,\n CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,\n CVE-2015-8451, CVE-2015-8455)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to write arbitrary data to the file\n system under user permissions. (CVE-2015-8453,\n CVE-2015-8440, CVE-2015-8409)\n\n - A stack buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8407,\n CVE-2015-8457)\n\n - A type confusion error exists that allows an attacker to\n execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8445)\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8415)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. 
(CVE-2015-8048,\n CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,\n CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,\n CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,\n CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,\n CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,\n CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,\n CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,\n CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,\n CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,\n CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,\n CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,\n CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,\n CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,\n CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,\n CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,\n CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,\n CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,\n CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,\n CVE-2015-8454)\n\n - A flaw exists in Google V8 in serialize.cc that is\n triggered when handling alignment for deferred objects.\n An attacker can exploit this to have an unspecified\n impact. 
(CVE-2015-8548)", "edition": 27, "published": "2015-12-08T00:00:00", "title": "Google Chrome < 47.0.2526.80 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8445", "CVE-2015-8058", "CVE-2015-8436", "CVE-2015-8071", "CVE-2015-8452", "CVE-2015-8444", "CVE-2015-8064", "CVE-2015-8447", "CVE-2015-8045", "CVE-2015-8047", "CVE-2015-8441", "CVE-2015-8410", "CVE-2015-8407", "CVE-2015-8405", "CVE-2015-8063", "CVE-2015-8412", "CVE-2015-8548", "CVE-2015-8061", "CVE-2015-8442", "CVE-2015-8065", "CVE-2015-8432", "CVE-2015-8421", "CVE-2015-8435", "CVE-2015-8423", "CVE-2015-8427", "CVE-2015-8062", "CVE-2015-8449", "CVE-2015-8420", "CVE-2015-8402", "CVE-2015-8056", "CVE-2015-8055", "CVE-2015-8439", "CVE-2015-8419", "CVE-2015-8437", "CVE-2015-8417", "CVE-2015-8446", "CVE-2015-8440", "CVE-2015-8413", "CVE-2015-8454", "CVE-2015-8426", "CVE-2015-8406", "CVE-2015-8422", "CVE-2015-8409", "CVE-2015-8411", "CVE-2015-8418", "CVE-2015-8424", "CVE-2015-8403", "CVE-2015-8415", "CVE-2015-8060", "CVE-2015-8070", "CVE-2015-8067", "CVE-2015-6791", "CVE-2015-8448", "CVE-2015-8453", "CVE-2015-6790", "CVE-2015-8049", "CVE-2015-8434", "CVE-2015-6788", "CVE-2015-8066", "CVE-2015-8438", "CVE-2015-8057", "CVE-2015-8050", "CVE-2015-8401", "CVE-2015-8431", "CVE-2015-8059", "CVE-2015-8429", "CVE-2015-8054", "CVE-2015-8451", "CVE-2015-8069", "CVE-2015-8456", "CVE-2015-8404", "CVE-2015-8443", "CVE-2015-8430", "CVE-2015-8450", "CVE-2015-8457", "CVE-2015-8455", "CVE-2015-8414", "CVE-2015-8068", "CVE-2015-8408", "CVE-2015-8425", "CVE-2015-8433", "CVE-2015-8048", "CVE-2015-8428", "CVE-2015-8416"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_47_0_2526_80.NASL", "href": "https://www.tenable.com/plugins/nessus/87248", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87248);\n script_version(\"1.14\");\n 
script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-6788\",\n \"CVE-2015-6789\",\n \"CVE-2015-6790\",\n \"CVE-2015-6791\",\n \"CVE-2015-8045\",\n \"CVE-2015-8047\",\n \"CVE-2015-8048\",\n \"CVE-2015-8049\",\n \"CVE-2015-8050\",\n \"CVE-2015-8054\",\n \"CVE-2015-8055\",\n \"CVE-2015-8056\",\n \"CVE-2015-8057\",\n \"CVE-2015-8058\",\n \"CVE-2015-8059\",\n \"CVE-2015-8060\",\n \"CVE-2015-8061\",\n \"CVE-2015-8062\",\n \"CVE-2015-8063\",\n \"CVE-2015-8064\",\n \"CVE-2015-8065\",\n \"CVE-2015-8066\",\n \"CVE-2015-8067\",\n \"CVE-2015-8068\",\n \"CVE-2015-8069\",\n \"CVE-2015-8070\",\n \"CVE-2015-8071\",\n \"CVE-2015-8401\",\n \"CVE-2015-8402\",\n \"CVE-2015-8403\",\n \"CVE-2015-8404\",\n \"CVE-2015-8405\",\n \"CVE-2015-8406\",\n \"CVE-2015-8407\",\n \"CVE-2015-8408\",\n \"CVE-2015-8409\",\n \"CVE-2015-8410\",\n \"CVE-2015-8411\",\n \"CVE-2015-8412\",\n \"CVE-2015-8413\",\n \"CVE-2015-8414\",\n \"CVE-2015-8415\",\n \"CVE-2015-8416\",\n \"CVE-2015-8417\",\n \"CVE-2015-8418\",\n \"CVE-2015-8419\",\n \"CVE-2015-8420\",\n \"CVE-2015-8421\",\n \"CVE-2015-8422\",\n \"CVE-2015-8423\",\n \"CVE-2015-8424\",\n \"CVE-2015-8425\",\n \"CVE-2015-8426\",\n \"CVE-2015-8427\",\n \"CVE-2015-8428\",\n \"CVE-2015-8429\",\n \"CVE-2015-8430\",\n \"CVE-2015-8431\",\n \"CVE-2015-8432\",\n \"CVE-2015-8433\",\n \"CVE-2015-8434\",\n \"CVE-2015-8435\",\n \"CVE-2015-8436\",\n \"CVE-2015-8437\",\n \"CVE-2015-8438\",\n \"CVE-2015-8439\",\n \"CVE-2015-8440\",\n \"CVE-2015-8441\",\n \"CVE-2015-8442\",\n \"CVE-2015-8443\",\n \"CVE-2015-8444\",\n \"CVE-2015-8445\",\n \"CVE-2015-8446\",\n \"CVE-2015-8447\",\n \"CVE-2015-8448\",\n \"CVE-2015-8449\",\n \"CVE-2015-8450\",\n \"CVE-2015-8451\",\n \"CVE-2015-8452\",\n \"CVE-2015-8453\",\n \"CVE-2015-8454\",\n \"CVE-2015-8455\",\n \"CVE-2015-8456\",\n \"CVE-2015-8457\",\n \"CVE-2015-8548\"\n );\n script_bugtraq_id(\n 78710,\n 78712,\n 78713,\n 78714,\n 78715,\n 78716,\n 78717,\n 78718,\n 78802\n );\n\n script_name(english:\"Google Chrome < 
47.0.2526.80 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 47.0.2526.80. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists related to extensions that\n allows an attacker to have an unspecified impact.\n (CVE-2015-6788)\n\n - A use-after-free error exists in Blink that is triggered\n when handling updates. An unauthenticated, remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2015-6789)\n\n - An unspecified escaping issue exists in saved pages.\n (CVE-2015-6790)\n\n - Multiple unspecified vulnerabilities exist that an\n attacker can exploit to have an unspecified impact.\n (CVE-2015-6791)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-8438, CVE-2015-8446)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8045,\n CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,\n CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,\n CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,\n CVE-2015-8451, CVE-2015-8455)\n\n - Multiple security bypass vulnerabilities exist that\n allow an attacker to write arbitrary data to the file\n system under user permissions. (CVE-2015-8453,\n CVE-2015-8440, CVE-2015-8409)\n\n - A stack buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8407,\n CVE-2015-8457)\n\n - A type confusion error exists that allows an attacker to\n execute arbitrary code. 
(CVE-2015-8439, CVE-2015-8456)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8445)\n\n - A buffer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-8415)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-8048,\n CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,\n CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,\n CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,\n CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,\n CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,\n CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,\n CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,\n CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,\n CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,\n CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,\n CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,\n CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,\n CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,\n CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,\n CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,\n CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,\n CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,\n CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,\n CVE-2015-8454)\n\n - A flaw exists in Google V8 in serialize.cc that is\n triggered when handling alignment for deferred objects.\n An attacker can exploit this to have an unspecified\n impact. 
(CVE-2015-8548)\");\n # http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6b6361f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 47.0.2526.80 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8548\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'47.0.2526.80', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:58", "description": "The remote host is affected by the vulnerability described in GLSA-201603-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "title": "GLSA-201603-09 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", 
"CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201603-09.NASL", "href": "https://www.tenable.com/plugins/nessus/89902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-09.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89902);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1275\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1291\", \"CVE-2015-1292\", \"CVE-2015-1293\", \"CVE-2015-1294\", \"CVE-2015-1295\", \"CVE-2015-1296\", \"CVE-2015-1297\", \"CVE-2015-1298\", \"CVE-2015-1299\", \"CVE-2015-1300\", \"CVE-2015-1302\", \"CVE-2015-1303\", \"CVE-2015-1304\", \"CVE-2015-6755\", \"CVE-2015-6756\", \"CVE-2015-6757\", \"CVE-2015-6758\", \"CVE-2015-6759\", \"CVE-2015-6760\", \"CVE-2015-6761\", \"CVE-2015-6762\", \"CVE-2015-6763\", \"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\", \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\", \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\", \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\", \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\", \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\", \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\", \"CVE-2015-6792\", \"CVE-2015-8126\", \"CVE-2016-1612\", \"CVE-2016-1613\", \"CVE-2016-1614\", \"CVE-2016-1615\", \"CVE-2016-1616\", \"CVE-2016-1617\", \"CVE-2016-1618\", \"CVE-2016-1619\", \"CVE-2016-1620\", \"CVE-2016-1621\", \"CVE-2016-1622\", \"CVE-2016-1623\", \"CVE-2016-1624\", \"CVE-2016-1625\", \"CVE-2016-1626\", \"CVE-2016-1627\", \"CVE-2016-1628\", 
\"CVE-2016-1629\", \"CVE-2016-1630\", \"CVE-2016-1631\", \"CVE-2016-1632\", \"CVE-2016-1633\", \"CVE-2016-1634\", \"CVE-2016-1635\", \"CVE-2016-1636\", \"CVE-2016-1637\", \"CVE-2016-1638\", \"CVE-2016-1639\", \"CVE-2016-1640\", \"CVE-2016-1641\");\n script_xref(name:\"GLSA\", value:\"201603-09\");\n\n script_name(english:\"GLSA-201603-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-49.0.2623.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 49.0.2623.87\"), vulnerable:make_list(\"lt 49.0.2623.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:21:31", "description": "Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted 
dimensions, a different vulnerability than CVE-2015-6792.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-12-24T03:59:00", "title": "CVE-2015-8664", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8664"], "modified": "2016-12-07T18:29:00", "cpe": ["cpe:/a:google:chrome:47.0.2526.80"], "id": "CVE-2015-8664", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8664", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:47.0.2526.80:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.", "edition": 6, "cvss3": {}, "published": "2015-12-14T11:59:00", "title": "CVE-2015-8548", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8548"], "modified": "2016-12-07T18:28:00", "cpe": ["cpe:/a:google:chrome:47.0.2526.73", "cpe:/a:google:v8:4.7.80"], "id": "CVE-2015-8548", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8548", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:google:chrome:47.0.2526.73:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:4.7.80:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:28", "description": "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2015-12-14T11:59:00", "title": "CVE-2015-6791", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6791"], "modified": "2016-12-07T18:21:00", "cpe": ["cpe:/a:google:chrome:47.0.2526.73"], "id": "CVE-2015-6791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6791", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:google:chrome:47.0.2526.73:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:28", "description": "The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.", "edition": 6, "cvss3": {}, "published": "2015-12-14T11:59:00", "title": "CVE-2015-6790", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6790"], "modified": "2016-12-07T18:21:00", "cpe": ["cpe:/a:google:chrome:47.0.2526.73"], "id": "CVE-2015-6790", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6790", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:47.0.2526.73:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:28", "description": "Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.\n<a href=\"https://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {}, "published": "2015-12-14T11:59:00", "title": "CVE-2015-6789", "type": "cve", "cwe": ["CWE-362", "NVD-CWE-Other"], 
"bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6789"], "modified": "2016-12-07T18:21:00", "cpe": ["cpe:/a:google:chrome:47.0.2526.73"], "id": "CVE-2015-6789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6789", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:google:chrome:47.0.2526.73:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:53:25", "bulletinFamily": "info", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "### *Detect date*:\n12/08/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, inject arbitrary code or execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 47.0.2526.80 (all branches)\n\n### *Solution*:\nUpdate to the latest version. A file named old_chrome can still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. Contact the vendor for removal instructions, or ignore such alerts at your own risk. 
\n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog](<http://googlechromereleases.blogspot.ru/2015/12/stable-channel-update_8.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-6790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6790>)4.3Warning \n[CVE-2015-6788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6788>)10.0Critical \n[CVE-2015-8548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8548>)10.0Critical \n[CVE-2015-6791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6791>)10.0Critical \n[CVE-2015-6789](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6789>)9.3Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-12-08T00:00:00", "id": "KLA10712", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10712", "title": "\r KLA10712Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:46:56", "bulletinFamily": "info", "cvelist": ["CVE-2015-8664", "CVE-2015-6792"], "description": "### *Detect date*:\n12/15/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 47.0.2526.106 (all branches)\n\n### *Solution*:\nUpdate to the latest version. A file named old_chrome can still be detected after the update. This is caused by the Google Chrome update policy, which does not remove old versions when installing updates. 
Contact the vendor for removal instructions, or ignore such alerts at your own risk. \n[Get Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google releases blog entry](<http://googlechromereleases.blogspot.ru/2015/12/stable-channel-update_15.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-8664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8664>)7.5Critical \n[CVE-2015-6792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792>)10.0Critical", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-12-15T00:00:00", "id": "KLA10722", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10722", "title": "\r KLA10722Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-19T22:13:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-12-16T00:00:00", "id": "OPENVAS:1361412562310806804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806804", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Dec15 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Dec15 (Mac OS X)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you 
can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806804\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\",\n \"CVE-2015-8548\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 15:04:13 +0530 (Wed, 16 Dec 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Dec15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The no proper use of HTML entities in function\n 'WebPageSerializerImp::openTagToString' in\n 'WebKit/Source/web/WebPageSerializerImpl.cpp' file in the page serializer.\n\n - The difference in execution of multiple threads leading to race condition in\n the mutation implementation\n\n - An improper 
implementation of handler functions in class\n 'ObjectBackedNativeHandler' class which is in file\n 'extensions/renderer/object_backed_native_handler.cc' in the extensions\n subsystem.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to cause denial of service or possibly have other impact, to inject\n arbitrary web script or HTML, bypass the security restrictions and gain access\n to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.80\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.80 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_8.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.80\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 47.0.2526.80' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-12-16T00:00:00", "id": "OPENVAS:1361412562310806802", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310806802", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Dec15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Dec15 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806802\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\",\n \"CVE-2015-8548\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 15:48:12 +0530 (Wed, 16 Dec 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Dec15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is 
prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The no proper use of HTML entities in function\n 'WebPageSerializerImp::openTagToString' in\n 'WebKit/Source/web/WebPageSerializerImpl.cpp' file in the page serializer.\n\n - The difference in execution of multiple threads leading to race condition in\n the mutation implementation\n\n - An improper implementation of handler functions in class\n 'ObjectBackedNativeHandler' class which is in file\n 'extensions/renderer/object_backed_native_handler.cc' in the extensions\n subsystem.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to cause denial of service or possibly have other impact, to inject\n arbitrary web script or HTML, bypass the security restrictions and gain access\n to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.80\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.80 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_8.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.80\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 
47.0.2526.80' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-8548", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-12-16T00:00:00", "id": "OPENVAS:1361412562310806803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806803", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Dec15 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Dec15 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806803\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\",\n \"CVE-2015-8548\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 15:04:13 +0530 (Wed, 16 Dec 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Dec15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The no proper use of HTML entities in function\n 'WebPageSerializerImp::openTagToString' in\n 'WebKit/Source/web/WebPageSerializerImpl.cpp' file in the page serializer.\n\n - The difference in execution of multiple threads leading to race condition in\n the mutation implementation.\n\n - An improper implementation of handler functions in class\n ObjectBackedNativeHandler class which is in file\n 'extensions/renderer/object_backed_native_handler.cc' in the extensions\n subsystem.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to cause denial of service or possibly have other impact, to inject\n arbitrary web script or 
HTML, bypass the security restrictions and gain access\n to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.80\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.80 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_8.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.80\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 47.0.2526.80' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2015-6788\nA type confusion issue was discovered in the handling of extensions.\n\nCVE-2015-6789\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2015-6790\nInti De Ceukelaire discovered a way to inject HTML into\nserialized web pages.\n\nCVE-2015-6791\nThe chrome 47 development team found and fixed various issues\nduring internal auditing. 
Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.80.23.", "modified": "2019-03-18T00:00:00", "published": "2015-12-14T00:00:00", "id": "OPENVAS:1361412562310703418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703418", "type": "openvas", "title": "Debian Security Advisory DSA 3418-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3418.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3418-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703418\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n script_name(\"Debian Security Advisory DSA 3418-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-14 00:00:00 +0100 (Mon, 14 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3418.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 47.0.2526.80-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.80-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the 
chromium web browser.\n\nCVE-2015-6788\nA type confusion issue was discovered in the handling of extensions.\n\nCVE-2015-6789\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2015-6790\nInti De Ceukelaire discovered a way to inject HTML into\nserialized web pages.\n\nCVE-2015-6791\nThe chrome 47 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.80.23.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"47.0.2526.80-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"47.0.2526.80-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"47.0.2526.80-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"47.0.2526.80-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"47.0.2526.80-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2015-6788 \nA type confusion issue was discovered in the handling of extensions.\n\nCVE-2015-6789 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2015-6790 \nInti De Ceukelaire discovered a way to inject HTML into\nserialized web pages.\n\nCVE-2015-6791 \nThe chrome 47 
development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.80.23.", "modified": "2017-07-07T00:00:00", "published": "2015-12-14T00:00:00", "id": "OPENVAS:703418", "href": "http://plugins.openvas.org/nasl.php?oid=703418", "type": "openvas", "title": "Debian Security Advisory DSA 3418-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3418.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3418-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703418);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n script_name(\"Debian Security Advisory DSA 3418-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-14 00:00:00 +0100 (Mon, 14 Dec 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3418.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 47.0.2526.80-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.80-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web 
browser.\n\nCVE-2015-6788 \nA type confusion issue was discovered in the handling of extensions.\n\nCVE-2015-6789 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2015-6790 \nInti De Ceukelaire discovered a way to inject HTML into\nserialized web pages.\n\nCVE-2015-6791 \nThe chrome 47 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe v8 javascript library, version 4.7.80.23.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"47.0.2526.80-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"47.0.2526.80-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"47.0.2526.80-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"47.0.2526.80-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"47.0.2526.80-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "Mageia Linux Local Security Checks mgasa-2015-0470", "modified": "2018-09-28T00:00:00", "published": "2015-12-11T00:00:00", "id": "OPENVAS:1361412562310131150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131150", "type": 
"openvas", "title": "Mageia Linux Local Check: mgasa-2015-0470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0470.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131150\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 07:23:47 +0200 (Fri, 11 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0470\");\n script_tag(name:\"insight\", value:\"Updated chromium-browser-stable packages fix security vulnerabilities: Type confusion in extensions (CVE-2015-6788). Use-after-free in Blink (CVE-2015-6789). Escaping issue in saved pages (CVE-2015-6790). 
Various fixes from internal audits, fuzzing and other initiatives (CVE-2015-6791).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0470.html\");\n script_cve_id(\"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0470\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"chromium-browser-stable\", rpm:\"chromium-browser-stable~47.0.2526.80~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8664", "CVE-2015-6792"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-01-05T00:00:00", "id": "OPENVAS:1361412562310806929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806929", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities Jan16 (Windows)", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities Jan16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806929\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-8664\", \"CVE-2015-6792\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-05 13:05:38 +0530 (Tue, 05 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities Jan16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An Integer 
overflow in the 'WebCursor::Deserialize' function in\n 'content/common/cursors/webcursor.cc' script\n\n - An error in the MIDI subsystem does not properly handle the\n sending of data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow a attacker\n to execute arbitrary code or cause a denial of service or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.106\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.106 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_15.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.106\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 47.0.2526.106' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8664", "CVE-2015-6792"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-01-05T00:00:00", "id": "OPENVAS:1361412562310806928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806928", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities Jan16 (Linux)", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities Jan16 (Linux)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806928\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-8664\", \"CVE-2015-6792\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-05 13:05:38 +0530 (Tue, 05 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities Jan16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - 
An Integer overflow in the 'WebCursor::Deserialize' function in\n 'content/common/cursors/webcursor.cc' script\n\n - An error in the MIDI subsystem does not properly handle the\n sending of data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow a attacker\n to execute arbitrary code or cause a denial of service or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.106\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.106 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_15.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.106\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 47.0.2526.106' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8664", "CVE-2015-6792"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-01-05T00:00:00", "id": "OPENVAS:1361412562310806930", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806930", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities Jan16 
(Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities Jan16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806930\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-8664\", \"CVE-2015-6792\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-05 13:05:38 +0530 (Tue, 05 Jan 2016)\");\n script_name(\"Google Chrome Multiple Vulnerabilities Jan16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws 
exist due to,\n\n - An Integer overflow in the 'WebCursor::Deserialize' function in\n 'content/common/cursors/webcursor.cc' script\n\n - An error in the MIDI subsystem does not properly handle the\n sending of data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow a attacker\n to execute arbitrary code or cause a denial of service or possibly have unspecified\n other impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 47.0.2526.106\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 47.0.2526.106 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/12/stable-channel-update_15.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"47.0.2526.106\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 47.0.2526.106' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6776", "CVE-2015-6775", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6764", "CVE-2015-6770", "CVE-2015-6781", "CVE-2015-6771", "CVE-2015-6784", "CVE-2015-6774", "CVE-2015-6778", "CVE-2015-6772", "CVE-2015-6767", "CVE-2015-6783", "CVE-2015-6787", "CVE-2015-6786", "CVE-2015-6791", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2015-6779", 
"CVE-2015-6788", "CVE-2015-6768", "CVE-2015-6765", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-6777", "CVE-2015-6782"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-12-18T00:00:00", "id": "OPENVAS:1361412562310851143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851143", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2015:2290-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851143\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 05:45:07 +0100 (Fri, 18 Dec 2015)\");\n script_cve_id(\"CVE-2015-6764\", \"CVE-2015-6765\", \"CVE-2015-6766\", \"CVE-2015-6767\",\n \"CVE-2015-6768\", \"CVE-2015-6769\", \"CVE-2015-6770\", \"CVE-2015-6771\",\n \"CVE-2015-6772\", \"CVE-2015-6773\", \"CVE-2015-6774\", \"CVE-2015-6775\",\n \"CVE-2015-6776\", \"CVE-2015-6777\", \"CVE-2015-6778\", \"CVE-2015-6779\",\n \"CVE-2015-6780\", \"CVE-2015-6781\", \"CVE-2015-6782\", \"CVE-2015-6783\",\n \"CVE-2015-6784\", \"CVE-2015-6785\", \"CVE-2015-6786\", \"CVE-2015-6787\",\n \"CVE-2015-6788\", \"CVE-2015-6789\", \"CVE-2015-6790\", \"CVE-2015-6791\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2015:2290-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 47.0.2526.80 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-6788: Type confusion in extensions\n\n * CVE-2015-6789: Use-after-free in Blink\n\n * CVE-2015-6790: Escaping issue in saved pages\n\n * 
CVE-2015-6791: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The following vulnerabilities were fixed in 47.0.2526.73:\n\n * CVE-2015-6765: Use-after-free in AppCache\n\n * CVE-2015-6766: Use-after-free in AppCache\n\n * CVE-2015-6767: Use-after-free in AppCache\n\n * CVE-2015-6768: Cross-origin bypass in DOM\n\n * CVE-2015-6769: Cross-origin bypass in core\n\n * CVE-2015-6770: Cross-origin bypass in DOM\n\n * CVE-2015-6771: Out of bounds access in v8\n\n * CVE-2015-6772: Cross-origin bypass in DOM\n\n * CVE-2015-6764: Out of bounds access in v8\n\n * CVE-2015-6773: Out of bounds access in Skia\n\n * CVE-2015-6774: Use-after-free in Extensions\n\n * CVE-2015-6775: Type confusion in PDFium\n\n * CVE-2015-6776: Out of bounds access in PDFium\n\n * CVE-2015-6777: Use-after-free in DOM\n\n * CVE-2015-6778: Out of bounds access in PDFium\n\n * CVE-2015-6779: Scheme bypass in PDFium\n\n * CVE-2015-6780: Use-after-free in Infobars\n\n * CVE-2015-6781: Integer overflow in Sfntly\n\n * CVE-2015-6782: Content spoofing in Omnibox\n\n * CVE-2015-6783: Signature validation issue in Android Crazy Linker.\n\n * CVE-2015-6784: Escaping issue in saved pages\n\n * CVE-2015-6785: Wildcard matching issue in CSP\n\n * CVE-2015-6786: Scheme bypass in CSP\n\n * CVE-2015-6787: Various fixes from internal audits, fuzzing and other\n initiatives.\n\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch\n (currently 4.7.80.23)\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2, openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:2290-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE13\\.2|openSUSE13\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~47.0.2526.80~61.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~47.0.2526.80~116.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6788", "CVE-2015-6789", "CVE-2015-6790", "CVE-2015-6791"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. 
(CVE-2015-6788, CVE-2015-6789, CVE-2015-6790, CVE-2015-6791)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 47.0.2526.80, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "modified": "2018-06-07T09:04:10", "published": "2015-12-14T05:00:00", "id": "RHSA-2015:2618", "href": "https://access.redhat.com/errata/RHSA-2015:2618", "type": "redhat", "title": "(RHSA-2015:2618) Important: chromium-browser security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-18T03:53:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6792", "CVE-2015-8664"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Chromium to crash, execute\narbitrary code, or disclose sensitive information when visited by the\nvictim. 
(CVE-2015-6792)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 47.0.2526.106, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes\nto take effect.\n", "modified": "2020-06-18T07:26:33", "published": "2015-12-17T05:00:00", "id": "RHSA-2015:2665", "href": "https://access.redhat.com/errata/RHSA-2015:2665", "type": "redhat", "title": "(RHSA-2015:2665) Important: chromium-browser security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "- CVE-2015-6788 (arbitrary code execution)\n\nA type confusion vulnerability has been discovered in the handling of\nextensions that could possibly lead to arbitrary code execution.\n\n- CVE-2015-6789 (arbitrary code execution)\n\nA use-after free vulnerability has been discovered in Blink that could\npossibly lead to arbitrary code execution.\n\n- CVE-2015-6790 (insufficient escaping)\n\nAn escaping issue has been discovered in saved pages that has\nunspecified impact.\n\n- CVE-2015-6791 (multiple issues)\n\nVarious unspecified vulnerabilities have been discovered from internal\naudits, fuzzing and other initiatives.", "modified": "2015-12-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "ASA-201512-5", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html", "type": "archlinux", "title": "chromium: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "\nGoogle Chrome Releases reports:\n\n7 security fixes in this release, including:\n\n[548273] High CVE-2015-6788: Type 
confusion in extensions.\n\t Credit to anonymous.\n[557981] High CVE-2015-6789: Use-after-free in Blink. Credit to\n\t cloudfuzzer.\n[542054] Medium CVE-2015-6790: Escaping issue in saved pages.\n\t Credit to Inti De Ceukelaire.\n[567513] CVE-2015-6791: Various fixes from internal audits,\n\t fuzzing and other initiatives.\nMultiple vulnerabilities in V8 fixed at the tip of the 4.7\n\t branch (currently 4.7.80.23).\n\n\n", "edition": 4, "modified": "2015-12-08T00:00:00", "published": "2015-12-08T00:00:00", "id": "72C145DF-A1E0-11E5-8AD0-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/72c145df-a1e0-11e5-8ad0-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:07:01", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6789", "CVE-2015-6791", "CVE-2015-6790", "CVE-2015-6788"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3418-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nDecember 14, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2015-6788\n\n A type confusion issue was discovered in the handling of extensions.\n\nCVE-2015-6789\n\n cloudfuzzer discovered a use-after-free issue.\n\nCVE-2015-6790\n\n Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.\n\nCVE-2015-6791\n\n The chrome 47 development team found and fixed various issues\n during internal auditing. 
Also multiple issues were fixed in\n the v8 javascript library, version 4.7.80.23.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 47.0.2526.80-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.80-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2015-12-15T02:21:20", "published": "2015-12-15T02:21:20", "id": "DEBIAN:DSA-3418-1:13F13", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00323.html", "title": "[SECURITY] [DSA 3418-1] chromium-browser security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:59", "bulletinFamily": "info", "cvelist": ["CVE-2015-6788", "CVE-2015-6789", "CVE-2015-6790", "CVE-2015-6791"], "description": "Google yesterday released an update for the Chrome browser that [patches seven vulnerabilities](<http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html>) and also updates Adobe Flash Player. 
It also announced that Google Safe Browsing has been extended to Chrome for Android.\n\nThe Chrome browser update is the second in less than a week; on Dec 1, Chrome 47 was released and [41 vulnerabilities were patched](<https://threatpost.com/google-ends-chrome-support-on-32-bit-linux-releases-chrome-47/115526/>).\n\nYesterday\u2019s update was a bit of a reprieve after [Adobe](<https://threatpost.com/massive-adobe-flash-update-patches-79-vulnerabilities/115598/>), [Microsoft](<https://threatpost.com/microsoft-patches-71-flaws-two-under-attack-warns-of-leaked-xbox-live-cert/115601/>) and [Apple](<https://threatpost.com/apple-patches-50-vulnerabilities-across-ios-os-x-safari/115603/>) bombarded IT shops with close to 200 patches that must be downloaded, tested and deployed.\n\nOf the seven Chrome patches, three qualified for rewards under Google\u2019s external bug bounty:\n\n * [$5000][[548273](<https://code.google.com/p/chromium/issues/detail?id=548273>)] **High** CVE-2015-6788: Type confusion in extensions. _Credit to anonymous._\n * [$2000][[557981](<https://code.google.com/p/chromium/issues/detail?id=557981>)] **High** CVE-2015-6789: Use-after-free in Blink. _Credit to cloudfuzzer._\n * [$500][[542054](<https://code.google.com/p/chromium/issues/detail?id=542054>)] **Medium** CVE-2015-6790: Escaping issue in saved pages. _Credit to Inti De Ceukelaire_\n\nThe remaining vulnerabilities were discovered internally and will be catalogued under CVE-2015-6791.\n\nChrome users on Android, meanwhile, are protected by Safe Browsing by default as of Chrome 46 for the mobile OS. The service protects Chrome users from landing on malicious websites or software downloads from the Web. 
It checks URLs against a Google-maintained database of malicious sites and activity.\n\n\u201cSocial engineering\u2014and phishing in particular\u2014requires different protection; we need to keep an up-to-date list of bad sites on the device to make sure we can warn people before they browse into a trap,\u201d Google said in making the announcement. \u201cProviding this protection on a mobile device is much more difficult than on a desktop system, in no small part because we have to make sure that list doesn\u2019t get stale.\u201d\n\nGoogle explained that providing mobile devices the same protection desktops are afforded is a challenge given mobile data costs, speed and connectivity disparities worldwide. Google also said it prioritized the need to be sensitive to memory and battery consumption that constant updates would threaten.\n\n\u201cWe also make sure that we send information about the riskiest sites first: if we can only get a very short update through, as is often the case on lower-speed networks in emerging economies, the update really has to count. We also worked with Google\u2019s compression team to make the little data that we do send as small as possible,\u201d Google said. \u201cTogether with the Android Security team, we made the software on the device extra stingy with memory and processor use, and careful about minimizing network traffic. 
All of these details matter to us; we must not waste our users\u2019 data plans, or a single moment of their battery life.\u201d\n\nIn November, Google expanded the scope of Safe Browsing to include [social engineering protection](<https://googleonlinesecurity.blogspot.com.au/2015/11/safe-browsing-protection-from-even-more.html>), focusing on web pages that attempt to trick users into downloading malicious or [potentially unwanted applications](<https://threatpost.com/google-to-expand-use-of-safe-browsing-to-stop-unwanted-software/113824/>), as well as phony Google log-in pages.\n", "modified": "2015-12-09T14:22:04", "published": "2015-12-09T09:22:04", "id": "THREATPOST:7000BE0D70DE94C2C75446C41D6C49A7", "href": "https://threatpost.com/google-updates-chrome-extends-safe-browsing-to-chrome-for-android/115607/", "type": "threatpost", "title": "Google Updates Chrome, Extends Safe Browsing to Chrome for Android", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-01-05T17:04:27", "description": "Exploit for windows platform in category dos / poc", "edition": 1, "published": "2015-12-18T00:00:00", "type": "zdt", "title": "Google Chrome - Renderer Process to Browser Process Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8664"], "modified": "2015-12-18T00:00:00", "href": "https://0day.today/exploit/description/25743", "id": "1337DAY-ID-25743", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=664\r\n \r\nThere is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method. 
In src/content/common/cursors/webcursor_aurax11.cc, there is the following code:\r\n \r\nbitmap.allocN32Pixels(custom_size_.width(), custom_size_.height());\r\nmemcpy(bitmap.getAddr32(0, 0), custom_data_.data(), custom_data_.size());\r\n \r\nThe bitmap buffer is allocated based on the width and height of the custom_size_, but the memcpy is performed using the size of the custom_data_.\r\n \r\nThese values are set during WebCursor deserialization in src/content/common/cursors/webcursor.cc in WebCursor::Deserialize.\r\n \r\ncustom_size_ is set from two integers that are deserialized from a message and can be between 0 and 1024. custom_data_ is set from a vector that is deserialized, and can be any size, unrelated to the width and height. The custom_data_ is verified not to be smaller than the expected pixel buffer based on the width and height, but can be longer.\r\n \r\nGetPlatformCursor is called indirectly by RenderWidgetHostImpl::OnSetCursor, which is called in response to a ViewHostMsg_SetCursor message from the renderer.\r\n \r\nThe issue above is in the x11 implementation, but it appears to also affect other platform-specific implementations other than the Windows one, which instead reads out of bounds.\r\n \r\nI recommend this issue be fixed by changing the check in WebCursor::Deserialize:\r\n \r\nif (size_x * size_y * 4 > data_len)\r\n return false;\r\n \r\nto\r\n \r\nif (size_x * size_y * 4 != data_len)\r\n return false;\r\n \r\nto prevent the issue in all platform-specific implementations.\r\n \r\nTo reproduce the issue replace WebCursor::Serialize with:\r\n \r\nbool WebCursor::Serialize(base::Pickle* pickle) const {\r\n \r\n if(type_ == WebCursorInfo::TypeCustom){\r\n LOG(WARNING) << \"IN SERIALIZE\\n\";\r\n if (!pickle->WriteInt(type_) ||\r\n !pickle->WriteInt(hotspot_.x()) ||\r\n !pickle->WriteInt(hotspot_.y()) ||\r\n !pickle->WriteInt(2) ||\r\n !pickle->WriteInt(1) ||\r\n !pickle->WriteFloat(custom_scale_))\r\n return false;\r\n 
}else{\r\n \r\n if (!pickle->WriteInt(type_) ||\r\n !pickle->WriteInt(hotspot_.x()) ||\r\n !pickle->WriteInt(hotspot_.y()) ||\r\n !pickle->WriteInt(custom_size_.width()) ||\r\n !pickle->WriteInt(custom_size_.height()) ||\r\n !pickle->WriteFloat(custom_scale_))\r\n return false;\r\n \r\n }\r\n const char* data = NULL;\r\n if (!custom_data_.empty())\r\n data = &custom_data_[0];\r\n if (!pickle->WriteData(data, custom_data_.size()))\r\n return false;\r\n \r\n return SerializePlatformData(pickle);\r\n}\r\n \r\nand visit the attached html page, with the attached image in the same directory.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39039.zip\n\n# 0day.today [2018-01-05] #", "sourceHref": "https://0day.today/exploit/25743", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T09:22:21", "description": "Google Chrome - Renderer Process to Browser Process Privilege Escalation. CVE-2015-8664. Dos exploits for multiple platform", "published": "2015-12-18T00:00:00", "type": "exploitdb", "title": "Google Chrome - Renderer Process to Browser Process Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8664"], "modified": "2015-12-18T00:00:00", "id": "EDB-ID:39039", "href": "https://www.exploit-db.com/exploits/39039/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=664\r\n\r\nThere is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method. 
In src/content/common/cursors/webcursor_aurax11.cc, there is the following code:\r\n\r\nbitmap.allocN32Pixels(custom_size_.width(), custom_size_.height());\r\nmemcpy(bitmap.getAddr32(0, 0), custom_data_.data(), custom_data_.size());\r\n\r\nThe bitmap buffer is allocated based on the width and height of the custom_size_, but the memcpy is performed using the size of the custom_data_.\r\n\r\nThese values are set during WebCursor deserialization in src/content/common/cursors/webcursor.cc in WebCursor::Deserialize.\r\n\r\ncustom_size_ is set from two integers that are deserialized from a message and can be between 0 and 1024. custom_data_ is set from a vector that is deserialized, and can be any size, unrelated to the width and height. The custom_data_ is verified not to be smaller than the expected pixel buffer based on the width and height, but can be longer.\r\n\r\nGetPlatformCursor is called indirectly by RenderWidgetHostImpl::OnSetCursor, which is called in response to a ViewHostMsg_SetCursor message from the renderer.\r\n\r\nThe issue above is in the x11 implementation, but it appears to also affect other platform-specific implementations other than the Windows one, which instead reads out of bounds.\r\n\r\nI recommend this issue be fixed by changing the check in WebCursor::Deserialize:\r\n\r\nif (size_x * size_y * 4 > data_len)\r\n return false;\r\n\r\nto\r\n\r\nif (size_x * size_y * 4 != data_len)\r\n return false;\r\n\r\nto prevent the issue in all platform-specific implementations.\r\n \r\nTo reproduce the issue replace WebCursor::Serialize with:\r\n\r\nbool WebCursor::Serialize(base::Pickle* pickle) const {\r\n\r\n if(type_ == WebCursorInfo::TypeCustom){\r\n LOG(WARNING) << \"IN SERIALIZE\\n\";\r\n if (!pickle->WriteInt(type_) ||\r\n !pickle->WriteInt(hotspot_.x()) ||\r\n !pickle->WriteInt(hotspot_.y()) ||\r\n !pickle->WriteInt(2) ||\r\n !pickle->WriteInt(1) ||\r\n !pickle->WriteFloat(custom_scale_))\r\n return false;\r\n }else{\r\n\r\n if 
(!pickle->WriteInt(type_) ||\r\n !pickle->WriteInt(hotspot_.x()) ||\r\n !pickle->WriteInt(hotspot_.y()) ||\r\n !pickle->WriteInt(custom_size_.width()) ||\r\n !pickle->WriteInt(custom_size_.height()) ||\r\n !pickle->WriteFloat(custom_scale_))\r\n return false;\r\n\r\n }\r\n const char* data = NULL;\r\n if (!custom_data_.empty())\r\n data = &custom_data_[0];\r\n if (!pickle->WriteData(data, custom_data_.size()))\r\n return false;\r\n\r\n return SerializePlatformData(pickle);\r\n}\r\n\r\nand visit the attached html page, with the attached image in the same directory.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39039.zip\r\n\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/39039/"}], "suse": [{"lastseen": "2016-09-04T11:40:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6776", "CVE-2015-6775", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6764", "CVE-2015-6770", "CVE-2015-6781", "CVE-2015-6771", "CVE-2015-6784", "CVE-2015-6774", "CVE-2015-6778", "CVE-2015-6772", "CVE-2015-6767", "CVE-2015-6783", "CVE-2015-6787", "CVE-2015-6786", "CVE-2015-6791", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6768", "CVE-2015-6765", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-6777", "CVE-2015-6782"], "description": "Chromium was updated to 47.0.2526.80 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-6788: Type confusion in extensions\n * CVE-2015-6789: Use-after-free in Blink\n * CVE-2015-6790: Escaping issue in saved pages\n * CVE-2015-6791: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The following vulnerabilities were fixed in 47.0.2526.73:\n\n * CVE-2015-6765: Use-after-free in AppCache\n * CVE-2015-6766: Use-after-free in AppCache\n * CVE-2015-6767: Use-after-free in AppCache\n * 
CVE-2015-6768: Cross-origin bypass in DOM\n * CVE-2015-6769: Cross-origin bypass in core\n * CVE-2015-6770: Cross-origin bypass in DOM\n * CVE-2015-6771: Out of bounds access in v8\n * CVE-2015-6772: Cross-origin bypass in DOM\n * CVE-2015-6764: Out of bounds access in v8\n * CVE-2015-6773: Out of bounds access in Skia\n * CVE-2015-6774: Use-after-free in Extensions\n * CVE-2015-6775: Type confusion in PDFium\n * CVE-2015-6776: Out of bounds access in PDFium\n * CVE-2015-6777: Use-after-free in DOM\n * CVE-2015-6778: Out of bounds access in PDFium\n * CVE-2015-6779: Scheme bypass in PDFium\n * CVE-2015-6780: Use-after-free in Infobars\n * CVE-2015-6781: Integer overflow in Sfntly\n * CVE-2015-6782: Content spoofing in Omnibox\n * CVE-2015-6783: Signature validation issue in Android Crazy Linker.\n * CVE-2015-6784: Escaping issue in saved pages\n * CVE-2015-6785: Wildcard matching issue in CSP\n * CVE-2015-6786: Scheme bypass in CSP\n * CVE-2015-6787: Various fixes from internal audits, fuzzing and other\n initiatives.\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch\n (currently 4.7.80.23)\n\n", "edition": 1, "modified": "2015-12-17T13:11:20", "published": "2015-12-17T13:11:20", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html", "id": "OPENSUSE-SU-2015:2291-1", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:16:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6776", "CVE-2015-6775", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6764", "CVE-2015-6770", "CVE-2015-6781", "CVE-2015-6771", "CVE-2015-6784", "CVE-2015-6774", "CVE-2015-6778", "CVE-2015-6772", "CVE-2015-6767", "CVE-2015-6783", "CVE-2015-6787", "CVE-2015-6786", "CVE-2015-6791", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6768", "CVE-2015-6765", 
"CVE-2015-6769", "CVE-2015-6773", "CVE-2015-6777", "CVE-2015-6782"], "description": "Chromium was updated to 47.0.2526.80 to fix security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n * CVE-2015-6788: Type confusion in extensions\n * CVE-2015-6789: Use-after-free in Blink\n * CVE-2015-6790: Escaping issue in saved pages\n * CVE-2015-6791: Various fixes from internal audits, fuzzing and other\n initiatives\n\n The following vulnerabilities were fixed in 47.0.2526.73:\n\n * CVE-2015-6765: Use-after-free in AppCache\n * CVE-2015-6766: Use-after-free in AppCache\n * CVE-2015-6767: Use-after-free in AppCache\n * CVE-2015-6768: Cross-origin bypass in DOM\n * CVE-2015-6769: Cross-origin bypass in core\n * CVE-2015-6770: Cross-origin bypass in DOM\n * CVE-2015-6771: Out of bounds access in v8\n * CVE-2015-6772: Cross-origin bypass in DOM\n * CVE-2015-6764: Out of bounds access in v8\n * CVE-2015-6773: Out of bounds access in Skia\n * CVE-2015-6774: Use-after-free in Extensions\n * CVE-2015-6775: Type confusion in PDFium\n * CVE-2015-6776: Out of bounds access in PDFium\n * CVE-2015-6777: Use-after-free in DOM\n * CVE-2015-6778: Out of bounds access in PDFium\n * CVE-2015-6779: Scheme bypass in PDFium\n * CVE-2015-6780: Use-after-free in Infobars\n * CVE-2015-6781: Integer overflow in Sfntly\n * CVE-2015-6782: Content spoofing in Omnibox\n * CVE-2015-6783: Signature validation issue in Android Crazy Linker.\n * CVE-2015-6784: Escaping issue in saved pages\n * CVE-2015-6785: Wildcard matching issue in CSP\n * CVE-2015-6786: Scheme bypass in CSP\n * CVE-2015-6787: Various fixes from internal audits, fuzzing and other\n initiatives.\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch\n (currently 4.7.80.23)\n\n", "edition": 1, "modified": "2015-12-17T13:10:52", "published": "2015-12-17T13:10:52", "id": "OPENSUSE-SU-2015:2290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html", "title": "Security update 
for Chromium (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-6776", "CVE-2016-1628", "CVE-2016-1634", "CVE-2015-6775", "CVE-2016-1638", "CVE-2015-6789", "CVE-2015-6766", "CVE-2015-6762", "CVE-2015-8126", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-6764", "CVE-2016-1612", "CVE-2015-6770", "CVE-2015-6760", "CVE-2015-6781", "CVE-2015-1291", "CVE-2016-1615", "CVE-2015-1275", "CVE-2016-1626", "CVE-2016-1618", "CVE-2015-1297", "CVE-2015-1286", "CVE-2016-1613", "CVE-2015-1298", "CVE-2015-1295", "CVE-2015-6771", "CVE-2015-1289", "CVE-2015-1296", "CVE-2015-1270", "CVE-2015-6784", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1300", "CVE-2015-1287", "CVE-2016-1621", "CVE-2016-1631", "CVE-2015-6774", "CVE-2015-6778", "CVE-2016-1640", "CVE-2016-1632", "CVE-2015-1282", "CVE-2016-1622", "CVE-2015-6772", "CVE-2015-1285", "CVE-2016-1639", "CVE-2016-1616", "CVE-2015-1302", "CVE-2015-1293", "CVE-2015-6758", "CVE-2015-1303", "CVE-2015-1294", "CVE-2016-1635", "CVE-2015-1276", "CVE-2015-1278", "CVE-2016-1620", "CVE-2015-6767", "CVE-2015-6783", "CVE-2016-1636", "CVE-2015-6787", "CVE-2015-6792", "CVE-2015-1277", "CVE-2016-1627", "CVE-2015-6786", "CVE-2016-1641", "CVE-2016-1633", "CVE-2016-1624", "CVE-2016-1617", "CVE-2015-6791", "CVE-2016-1629", "CVE-2015-6780", "CVE-2015-6785", "CVE-2015-6790", "CVE-2016-1619", "CVE-2015-1271", "CVE-2015-1292", "CVE-2015-6779", "CVE-2015-6788", "CVE-2015-6759", "CVE-2015-1273", "CVE-2015-6756", "CVE-2015-6768", "CVE-2015-6763", "CVE-2016-1630", "CVE-2016-1637", "CVE-2015-6765", "CVE-2015-6755", "CVE-2015-6769", "CVE-2015-6773", "CVE-2015-1304", "CVE-2015-6777", "CVE-2015-1280", "CVE-2015-1299", "CVE-2015-6757", "CVE-2016-1623", "CVE-2015-6782", "CVE-2016-1625", "CVE-2015-1284", "CVE-2016-1614", "CVE-2015-6761"], "edition": 1, "description": "### 
Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-49.0.2623.87\"", "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-09", "href": "https://security.gentoo.org/glsa/201603-09", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}