{"id": "RHSA-2016:1262", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2016:1262) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 51.0.2704.103.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1704)", "published": "2016-06-20T23:18:07", "modified": "2018-06-07T09:04:31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2016:1262", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-1704"], "lastseen": "2019-08-13T18:45:12", "viewCount": 1, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2019-08-13T18:45:12", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-1704"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_51_0_2704_103.NASL", "OPENSUSE-2016-741.NASL", "MACOSX_GOOGLE_CHROME_51_0_2704_103.NASL", "UBUNTU_USN-3015-1.NASL", "OPENSUSE-2016-756.NASL", "REDHAT-RHSA-2016-1262.NASL", "OPENSUSE-2016-744.NASL", "FREEBSD_PKG_D59EBED434BE11E6BE253065EC8FD3EC.NASL", "DEBIAN_DSA-3637.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703637", "OPENVAS:1361412562310808234", "OPENVAS:1361412562310851345", "OPENVAS:1361412562310842818", "OPENVAS:1361412562310851346", "OPENVAS:703637", "OPENVAS:1361412562310851355", "OPENVAS:1361412562310808233", "OPENVAS:1361412562310808232"]}, {"type": "kaspersky", "idList": ["KLA10833"]}, {"type": "freebsd", "idList": ["D59EBED4-34BE-11E6-BE25-3065EC8FD3EC"]}, {"type": "ubuntu", "idList": ["USN-3015-1"]}, {"type": "archlinux", "idList": ["ASA-201606-20"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1624-1", "OPENSUSE-SU-2016:1655-1", "OPENSUSE-SU-2016:1626-1", "OPENSUSE-SU-2016:1623-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3637-1:68841"]}], "modified": "2019-08-13T18:45:12", "rev": 2}, "vulnersScore": 6.9}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser-debuginfo", "packageVersion": "51.0.2704.103-1.el6", "packageFilename": "chromium-browser-debuginfo-51.0.2704.103-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser", "packageVersion": "51.0.2704.103-1.el6", "packageFilename": "chromium-browser-51.0.2704.103-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser-debuginfo", "packageVersion": "51.0.2704.103-1.el6", "packageFilename": "chromium-browser-debuginfo-51.0.2704.103-1.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "51.0.2704.103-1.el6", "packageFilename": "chromium-browser-51.0.2704.103-1.el6.i686.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-12-09T20:07:35", "description": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-03T21:59:00", "title": "CVE-2016-1704", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1704"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:novell:suse_package_hub_for_suse_linux_enterprise:12", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:google:chrome:51.0.2704.84", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:leap:42.1", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2016-1704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1704", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:google:chrome:51.0.2704.84:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "Multiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2016-1704)", "edition": 5, "modified": "2016-06-30T00:00:00", "published": "2016-06-30T00:00:00", "id": "USN-3015-1", "href": "https://ubuntu.com/security/notices/USN-3015-1", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:49:55", "bulletinFamily": "info", "cvelist": ["CVE-2016-1704"], "description": "### *Detect date*:\n06/15/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple unspecified vulnerability were found in Google Chrome.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 51.0.2704.103\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google Chrome releases blog entry](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/BnJyGIksm6w/stable-channel-update_16.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-1704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704>)6.8High", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2016-06-15T00:00:00", "id": "KLA10833", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10833", "title": "\r KLA10833Multiple unknown vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-19T22:11:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-06-21T00:00:00", "id": "OPENVAS:1361412562310808232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808232", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update_16-2016-06)-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_16-2016-06)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808232\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-21 13:31:03 +0530 (Tue, 21 Jun 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_16-2016-06)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to there is a hidden\n prototype, and 'documentWrapper->GetPrototype()' actually returns itself, or\n fallbacked attributes are data-type properties.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.103 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.103 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/06/stable-channel-update_16.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.103\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.103\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-07-01T00:00:00", "id": "OPENVAS:1361412562310842818", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842818", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-3015-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-3015-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842818\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-01 05:25:18 +0200 (Fri, 01 Jul 2016)\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-3015-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\n in Chromium. If a user were tricked in to opening a specially crafted website,\n an attacker could potentially exploit these to read uninitialized memory,\n cause a denial of service via application crash, or execute arbitrary code.\n (CVE-2016-1704)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 16.04 LTS,\n Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3015-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3015-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.15.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.15.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.15.8-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.15.8-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.15.8-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.15.8-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-06-21T00:00:00", "id": "OPENVAS:1361412562310808233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808233", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update_16-2016-06)-Linux", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_16-2016-06)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808233\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-21 13:31:03 +0530 (Tue, 21 Jun 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_16-2016-06)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to there is a hidden\n prototype, and 'documentWrapper->GetPrototype()' actually returns itself, or\n fallbacked attributes are data-type properties.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.103 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.103 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/06/stable-channel-update_16.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.103\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.103\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:11:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-06-21T00:00:00", "id": "OPENVAS:1361412562310808234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808234", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update_16-2016-06)-MAC OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update_16-2016-06)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808234\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-06-21 13:31:03 +0530 (Tue, 21 Jun 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_16-2016-06)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to there is a hidden\n prototype, and 'documentWrapper->GetPrototype()' actually returns itself, or\n fallbacked attributes are data-type properties.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause some unspecified impact.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.103 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.103 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/06/stable-channel-update_16.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.103\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.103\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:35:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-06-19T00:00:00", "id": "OPENVAS:1361412562310851345", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851345", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1624-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851345\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 05:20:26 +0200 (Sun, 19 Jun 2016)\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1624-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1624-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~51.0.2704.103~57.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-06-20T00:00:00", "id": "OPENVAS:1361412562310851346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851346", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1626-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851346\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-20 05:19:06 +0200 (Mon, 20 Jun 2016)\");\n script_cve_id(\"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1626-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1626-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~51.0.2704.103~108.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1667", "CVE-2016-1665", "CVE-2016-1668", "CVE-2016-1669", "CVE-2016-1666", "CVE-2016-1704", "CVE-2016-1663", "CVE-2016-1661", "CVE-2016-1664", "CVE-2016-1662", "CVE-2016-1670", "CVE-2016-1660"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-06-23T00:00:00", "id": "OPENVAS:1361412562310851355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851355", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1655-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851355\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-23 05:24:43 +0200 (Thu, 23 Jun 2016)\");\n script_cve_id(\"CVE-2016-1660\", \"CVE-2016-1661\", \"CVE-2016-1662\", \"CVE-2016-1663\",\n \"CVE-2016-1664\", \"CVE-2016-1665\", \"CVE-2016-1666\", \"CVE-2016-1667\",\n \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\", \"CVE-2016-1704\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1655-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\n\n Includes vulnerability fixes from 50.0.2661.102 (boo#979859):\n\n - CVE-2016-1667: Same origin bypass in DOM\n\n - CVE-2016-1668: Same origin bypass in Blink V8 bindings\n\n - CVE-2016-1669: Buffer overflow in V8\n\n - CVE-2016-1670: Race condition in loader\n\n Includes vulnerability fixes from 50.0.2661.94 (boo#977830):\n\n - CVE-2016-1660: Out-of-bounds write in Blink\n\n - CVE-2016-1661: Memory corruption in cross-process frames\n\n - CVE-2016-1662: Use-after-free in extensions\n\n - CVE-2016-1663: Use-after-free in Blink's V8 bindings\n\n - CVE-2016-1664: Address bar spoofing\n\n - CVE-2016-1665: Information leak in V8\n\n - CVE-2016-1666: Various fixes from internal audits, fuzzing and other\n initiatives\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1655-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~51.0.2704.103~147.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "modified": "2019-03-18T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310703637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703637", "type": "openvas", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703637\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3637.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "modified": "2017-07-07T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:703637", "href": "http://plugins.openvas.org/nasl.php?oid=703637", "type": "openvas", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703637);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3637.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\n\n", "edition": 1, "modified": "2016-06-19T16:08:09", "published": "2016-06-19T16:08:09", "id": "OPENSUSE-SU-2016:1626-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\n\n", "edition": 1, "modified": "2016-06-18T20:07:55", "published": "2016-06-18T20:07:55", "id": "OPENSUSE-SU-2016:1623-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\n\n", "edition": 1, "modified": "2016-06-18T20:08:08", "published": "2016-06-18T20:08:08", "id": "OPENSUSE-SU-2016:1624-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:22:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1667", "CVE-2016-1665", "CVE-2016-1668", "CVE-2016-1669", "CVE-2016-1666", "CVE-2016-1704", "CVE-2016-1663", "CVE-2016-1661", "CVE-2016-1664", "CVE-2016-1662", "CVE-2016-1670", "CVE-2016-1660"], "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities:\n\n - CVE-2016-1704: Various fixes from internal audits, fuzzing and other\n initiatives (shared identifier) (boo#985397)\n\n Includes vulnerability fixes from 50.0.2661.102 (boo#979859):\n\n - CVE-2016-1667: Same origin bypass in DOM\n - CVE-2016-1668: Same origin bypass in Blink V8 bindings\n - CVE-2016-1669: Buffer overflow in V8\n - CVE-2016-1670: Race condition in loader\n\n Includes vulnerability fixes from 50.0.2661.94 (boo#977830):\n\n - CVE-2016-1660: Out-of-bounds write in Blink\n - CVE-2016-1661: Memory corruption in cross-process frames\n - CVE-2016-1662: Use-after-free in extensions\n - CVE-2016-1663: Use-after-free in Blink\u00c3\u00a2\u00c2\u0080\u00c2\u0099s V8 bindings\n - CVE-2016-1664: Address bar spoofing\n - CVE-2016-1665: Information leak in V8\n - CVE-2016-1666: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "edition": 1, "modified": "2016-06-22T15:16:20", "published": "2016-06-22T15:16:20", "id": "OPENSUSE-SU-2016:1655-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html", "type": "suse", "title": "Security update for Chromium (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "Various fixes from internal audits, fuzzing and other initiatives,\nincluding multiple issues in the processing of malformed web content.", "modified": "2016-06-25T00:00:00", "published": "2016-06-25T00:00:00", "id": "ASA-201606-20", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html", "type": "archlinux", "title": "chromium: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:40", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1704"], "description": "\nGoogle Chrome Releases reports:\n\n3 security fixes in this release, including:\n\n[620742] CVE-2016-1704: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "edition": 4, "modified": "2016-06-16T00:00:00", "published": "2016-06-16T00:00:00", "id": "D59EBED4-34BE-11E6-BE25-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/d59ebed4-34be-11e6-be25-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T03:30:24", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 51.0.2704.103. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the individualCharacterRanges()\n function in CachingWordShaper.cpp that is triggered when\n handling invalid glyph shaping results. A remote\n attacker can exploit this issue to corrupt memory,\n resulting in the execution of code.\n\n - A use-after-free error exists in the OnChannelMessage()\n function in node_channel.cc that allows a remote\n attacker to dereference already freed memory, resulting\n in the execution of arbitrary code.\n\n - An unspecified flaw exists in\n shared_worker_devtools_manager.cc that allows a remote\n attacker to have an unspecified impact.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "title": "Google Chrome < 51.0.2704.103 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_51_0_2704_103.NASL", "href": "https://www.tenable.com/plugins/nessus/91717", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91717);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\"CVE-2016-1704\");\n\n script_name(english:\"Google Chrome < 51.0.2704.103 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 51.0.2704.103. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the individualCharacterRanges()\n function in CachingWordShaper.cpp that is triggered when\n handling invalid glyph shaping results. A remote\n attacker can exploit this issue to corrupt memory,\n resulting in the execution of code.\n\n - A use-after-free error exists in the OnChannelMessage()\n function in node_channel.cc that allows a remote\n attacker to dereference already freed memory, resulting\n in the execution of arbitrary code.\n\n - An unspecified flaw exists in\n shared_worker_devtools_manager.cc that allows a remote\n attacker to have an unspecified impact.\");\n # https://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0892ec7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 51.0.2704.103 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1704\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'51.0.2704.103', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:05:49", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 51.0.2704.103. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the individualCharacterRanges()\n function in CachingWordShaper.cpp that is triggered when\n handling invalid glyph shaping results. A remote\n attacker can exploit this issue to corrupt memory,\n resulting in the execution of code.\n\n - A use-after-free error exists in the OnChannelMessage()\n function in node_channel.cc that allows a remote\n attacker to dereference already freed memory, resulting\n in the execution of arbitrary code.\n\n - An unspecified flaw exists in\n shared_worker_devtools_manager.cc that allows a remote\n attacker to have an unspecified impact.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "title": "Google Chrome < 51.0.2704.103 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_51_0_2704_103.NASL", "href": "https://www.tenable.com/plugins/nessus/91716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91716);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\"CVE-2016-1704\");\n\n script_name(english:\"Google Chrome < 51.0.2704.103 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 51.0.2704.103. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists in the individualCharacterRanges()\n function in CachingWordShaper.cpp that is triggered when\n handling invalid glyph shaping results. A remote\n attacker can exploit this issue to corrupt memory,\n resulting in the execution of code.\n\n - A use-after-free error exists in the OnChannelMessage()\n function in node_channel.cc that allows a remote\n attacker to dereference already freed memory, resulting\n in the execution of arbitrary code.\n\n - An unspecified flaw exists in\n shared_worker_devtools_manager.cc that allows a remote\n attacker to have an unspecified impact.\");\n # https://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0892ec7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 51.0.2704.103 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1704\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'51.0.2704.103', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:43:48", "description": "Multiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-1704).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-07-01T00:00:00", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : oxide-qt vulnerabilities (USN-3015-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3015-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3015-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91914);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2016-1704\");\n script_xref(name:\"USN\", value:\"3015-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : oxide-qt vulnerabilities (USN-3015-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash, or execute arbitrary code.\n(CVE-2016-1704).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3015-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.15.8-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.15.8-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.15.8-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:58:46", "description": "Google Chrome Releases reports :\n\n3 security fixes in this release, including :\n\n- [620742] CVE-2016-1704: Various fixes from internal audits, fuzzing\nand other initiatives.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (d59ebed4-34be-11e6-be25-3065ec8fd3ec)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2016-06-20T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium-npapi", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_D59EBED434BE11E6BE253065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/91700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91700);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1704\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (d59ebed4-34be-11e6-be25-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n3 security fixes in this release, including :\n\n- [620742] CVE-2016-1704: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c238766\"\n );\n # https://vuxml.freebsd.org/freebsd/d59ebed4-34be-11e6-be25-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d140b39\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<51.0.2704.103\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<51.0.2704.103\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<51.0.2704.103\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:09:34", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 51.0.2704.103.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-1704)", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-21T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2016:1262)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2016-06-21T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1262.NASL", "href": "https://www.tenable.com/plugins/nessus/91724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1262. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91724);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-1704\");\n script_xref(name:\"RHSA\", value:\"2016:1262\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:1262)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 51.0.2704.103.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. (CVE-2016-1704)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1704\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1262\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-51.0.2704.103-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-51.0.2704.103-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-51.0.2704.103-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-51.0.2704.103-1.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:36", "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-741)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2016-06-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-741.NASL", "href": "https://www.tenable.com/plugins/nessus/91707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-741.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91707);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1704\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-741)\");\n script_summary(english:\"Check for the openSUSE-2016-741 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985397\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-debuginfo-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-51.0.2704.103-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-debuginfo-51.0.2704.103-57.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:37", "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-06-20T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-744)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1704"], "modified": "2016-06-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-744.NASL", "href": "https://www.tenable.com/plugins/nessus/91709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-744.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91709);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1704\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-744)\");\n script_summary(english:\"Check for the openSUSE-2016-744 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985397\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-51.0.2704.103-108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-51.0.2704.103-108.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:30:40", "description": "Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)\n\nIncludes vulnerability fixes from 50.0.2661.102 (boo#979859) :\n\n - CVE-2016-1667: Same origin bypass in DOM\n\n - CVE-2016-1668: Same origin bypass in Blink V8 bindings\n\n - CVE-2016-1669: Buffer overflow in V8\n\n - CVE-2016-1670: Race condition in loader\n\nIncludes vulnerability fixes from 50.0.2661.94 (boo#977830) :\n\n - CVE-2016-1660: Out-of-bounds write in Blink\n\n - CVE-2016-1661: Memory corruption in cross-process frames\n\n - CVE-2016-1662: Use-after-free in extensions\n\n - CVE-2016-1663: Use-after-free in Blink&rsquo;s V8\n bindings\n\n - CVE-2016-1664: Address bar spoofing\n\n - CVE-2016-1665: Information leak in V8\n\n - CVE-2016-1666: Various fixes from internal audits,\n fuzzing and other initiatives", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-27T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2016-756)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1667", "CVE-2016-1665", "CVE-2016-1668", "CVE-2016-1669", "CVE-2016-1666", "CVE-2016-1704", "CVE-2016-1663", "CVE-2016-1661", "CVE-2016-1664", "CVE-2016-1662", "CVE-2016-1670", "CVE-2016-1660"], "modified": "2016-06-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2016-756.NASL", "href": "https://www.tenable.com/plugins/nessus/91848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-756.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91848);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1660\", \"CVE-2016-1661\", \"CVE-2016-1662\", \"CVE-2016-1663\", \"CVE-2016-1664\", \"CVE-2016-1665\", \"CVE-2016-1666\", \"CVE-2016-1667\", \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\", \"CVE-2016-1704\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-756)\");\n script_summary(english:\"Check for the openSUSE-2016-756 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 51.0.2704.103 to fix three vulnerabilities :\n\n - CVE-2016-1704: Various fixes from internal audits,\n fuzzing and other initiatives (shared identifier)\n (boo#985397)\n\nIncludes vulnerability fixes from 50.0.2661.102 (boo#979859) :\n\n - CVE-2016-1667: Same origin bypass in DOM\n\n - CVE-2016-1668: Same origin bypass in Blink V8 bindings\n\n - CVE-2016-1669: Buffer overflow in V8\n\n - CVE-2016-1670: Race condition in loader\n\nIncludes vulnerability fixes from 50.0.2661.94 (boo#977830) :\n\n - CVE-2016-1660: Out-of-bounds write in Blink\n\n - CVE-2016-1661: Memory corruption in cross-process frames\n\n - CVE-2016-1662: Use-after-free in extensions\n\n - CVE-2016-1663: Use-after-free in Blink&rsquo;s V8\n bindings\n\n - CVE-2016-1664: Address bar spoofing\n\n - CVE-2016-1665: Information leak in V8\n\n - CVE-2016-1666: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985397\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-51.0.2704.103-147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-51.0.2704.103-147.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:44", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1704\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1705\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1706\n Pinkie Pie discovered a way to escape the Pepper Plugin\n API sandbox.\n\n - CVE-2016-1707\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708\n Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709\n ChenQin discovered a buffer overflow issue in the sfntly\n library.\n\n - CVE-2016-1710\n Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711\n Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128\n A same-origin bypass issue was discovered in the v8\n JavaScript library.\n\n - CVE-2016-5129\n Jeonghoon Shin discovered a memory corruption issue in\n the v8 JavaScript library.\n\n - CVE-2016-5130\n Widih Matar discovered a URL spoofing issue.\n\n - CVE-2016-5131\n Nick Wellnhofer discovered a use-after-free issue in the\n libxml2 library.\n\n - CVE-2016-5132\n Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133\n Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134\n Paul Stone discovered an information leak in the Proxy\n Auto-Config feature.\n\n - CVE-2016-5135\n ShenYeYinJiu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-5136\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137\n Xiaoyin Liu discovered a way to discover whether an HSTS\n website had been visited.", "edition": 26, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2016-08-02T00:00:00", "title": "Debian DSA-3637-1 : chromium-browser - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2016-08-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:chromium-browser"], "id": "DEBIAN_DSA-3637.NASL", "href": "https://www.tenable.com/plugins/nessus/92666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3637. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92666);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_xref(name:\"DSA\", value:\"3637\");\n\n script_name(english:\"Debian DSA-3637-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1704\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1705\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1706\n Pinkie Pie discovered a way to escape the Pepper Plugin\n API sandbox.\n\n - CVE-2016-1707\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708\n Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709\n ChenQin discovered a buffer overflow issue in the sfntly\n library.\n\n - CVE-2016-1710\n Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711\n Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128\n A same-origin bypass issue was discovered in the v8\n JavaScript library.\n\n - CVE-2016-5129\n Jeonghoon Shin discovered a memory corruption issue in\n the v8 JavaScript library.\n\n - CVE-2016-5130\n Widih Matar discovered a URL spoofing issue.\n\n - CVE-2016-5131\n Nick Wellnhofer discovered a use-after-free issue in the\n libxml2 library.\n\n - CVE-2016-5132\n Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133\n Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134\n Paul Stone discovered an information leak in the Proxy\n Auto-Config feature.\n\n - CVE-2016-5135\n ShenYeYinJiu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-5136\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137\n Xiaoyin Liu discovered a way to discover whether an HSTS\n website had been visited.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3637\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 52.0.2743.82-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:03:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3637-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 31, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707\n CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711\n CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130\n CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134\n CVE-2016-5135 CVE-2016-5136 CVE-2016-5137\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-1704\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1705\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1706\n\n Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\n\n Adam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\n\n ChenQin a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\n\n Mariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\n\n Mariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\n\n cloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\n\n A same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\n\n Jeonghoon Shin discovered a memory corruption issue in the v8 javascript\n library.\n\nCVE-2016-5130\n\n Widih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\n\n Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\n\n Ben Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\n\n Patch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\n\n Paul Stone discovered an information leak in the Proxy Auto-Config\n feature.\n\nCVE-2016-5135\n\n ShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\n\n Rob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\n\n Xiaoyin Liu discovered a way to discover whether an HSTS web side had been\n visited.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-07-31T21:48:40", "published": "2016-07-31T21:48:40", "id": "DEBIAN:DSA-3637-1:68841", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00215.html", "title": "[SECURITY] [DSA 3637-1] chromium-browser security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}