{"id": "RHSA-2018:3004", "hash": "9756f74fafeffc38265e431ed8924993", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2019-08-13T18:47:05", "history": [{"bulletin": {"id": "RHSA-2018:3004", "hash": "6b1db27c53c848bfd41abe6b7291895f", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2018-10-24T22:25:01", "history": [], "viewCount": 108, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-24T22:25:01"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-10-24T22:25:01", "differentElements": ["cvss"], "edition": 1}, {"bulletin": {"id": "RHSA-2018:3004", "hash": "acd4ae927d247f99350e5e7ee97d055e", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2018-11-06T08:37:56", "history": [], "viewCount": 108, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-11-06T08:37:56"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-11-06T08:37:56", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2018:3004", "hash": "39a6f26d449d1f01a70da6c2e275351f", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2018-12-11T21:41:35", "history": [], "viewCount": 111, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-12-11T21:41:35"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T21:41:35", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "RHSA-2018:3004", "hash": "a31a1c77c33f1bb41d994544be6a2747", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2018-12-19T09:56:16", "history": [], "viewCount": 111, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-12-19T09:56:16"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310875299", "OPENVAS:1361412562310876138", "OPENVAS:1361412562310851948", "OPENVAS:1361412562310814096", "OPENVAS:1361412562310704330", "OPENVAS:1361412562310814094", "OPENVAS:1361412562310814095", "OPENVAS:1361412562310851995", "OPENVAS:1361412562310704284", "OPENVAS:1361412562310875139"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-3004.NASL", "FEDORA_2018-34F7F68029.NASL", "FEDORA_2018-FD194A1F14.NASL", "OPENSUSE-2018-1253.NASL", "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "OPENSUSE-2018-1208.NASL", "DEBIAN_DSA-4330.NASL", "GOOGLE_CHROME_70_0_3538_67.NASL", "GENTOO_GLSA-201811-10.NASL", "SUSE_SU-2018-3498-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3273-1", "OPENSUSE-SU-2018:3396-1", "OPENSUSE-SU-2018:3835-1", "OPENSUSE-SU-2018:3529-1", "OPENSUSE-SU-2018:4112-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4330-1:C6D67", "DEBIAN:DSA-4284-1:5963D", "DEBIAN:DLA-1496-1:2F059", "DEBIAN:DSA-4354-1:2E2F6", "DEBIAN:DLA-1605-1:758B9"]}, {"type": "kaspersky", "idList": ["KLA11338", "KLA11406"]}, {"type": "threatpost", "idList": ["THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57"]}, {"type": "cve", "idList": ["CVE-2018-17470", "CVE-2018-17475", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17468", "CVE-2018-17473", "CVE-2018-17471", "CVE-2018-17467", "CVE-2018-16435", "CVE-2018-17476"]}, {"type": "gentoo", "idList": ["GLSA-201811-10"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:AFE5A77EBE4E39A2F02201C20DDD401B"]}, {"type": "ubuntu", "idList": ["USN-3770-1", "USN-3770-2"]}, {"type": "centos", "idList": ["CESA-2018:3833", "CESA-2018:3831", "CESA-2019:0160"]}, {"type": "redhat", "idList": ["RHSA-2018:3833", "RHSA-2019:0160", "RHSA-2018:3831"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3833", "ELSA-2019-0159", "ELSA-2018-3831", "ELSA-2019-0160"]}, {"type": "slackware", "idList": ["SSA-2018-345-01"]}], "modified": "2018-12-19T09:56:16"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}]}, "lastseen": "2018-12-19T09:56:16", "differentElements": ["cvss"], "edition": 4}, {"bulletin": {"id": "RHSA-2018:3004", "hash": "df61d01b3be15605e6683e658af1ad01", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2018:3004) Important: chromium-browser security update", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es):\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2018-10-25T00:52:49", "modified": "2018-10-25T00:57:50", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2018:3004", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "lastseen": "2019-05-29T14:33:39", "history": [], "viewCount": 111, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-29T14:33:39"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310876138", "OPENVAS:1361412562310875299", "OPENVAS:1361412562310851995", "OPENVAS:1361412562310704330", "OPENVAS:1361412562310814094", "OPENVAS:1361412562310814095", "OPENVAS:1361412562310851948", "OPENVAS:1361412562310814096", "OPENVAS:1361412562310704284", "OPENVAS:1361412562310875106"]}, {"type": "nessus", "idList": ["FEDORA_2018-FD194A1F14.NASL", "FEDORA_2018-34F7F68029.NASL", "REDHAT-RHSA-2018-3004.NASL", "DEBIAN_DSA-4330.NASL", "OPENSUSE-2018-1208.NASL", "GOOGLE_CHROME_70_0_3538_67.NASL", "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "OPENSUSE-2018-1253.NASL", "GENTOO_GLSA-201811-10.NASL", "SUSE_SU-2018-3498-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3835-1", "OPENSUSE-SU-2018:3396-1", "OPENSUSE-SU-2018:3273-1", "OPENSUSE-SU-2018:3529-1", "OPENSUSE-SU-2018:4112-1"]}, {"type": "kaspersky", "idList": ["KLA11338", "KLA11406"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4330-1:C6D67", "DEBIAN:DSA-4284-1:5963D", "DEBIAN:DLA-1496-1:2F059", "DEBIAN:DSA-4354-1:2E2F6", "DEBIAN:DLA-1605-1:758B9"]}, {"type": "threatpost", "idList": ["THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57"]}, {"type": "cve", "idList": ["CVE-2018-17470", "CVE-2018-17475", "CVE-2018-17463", "CVE-2018-17473", "CVE-2018-17471", "CVE-2018-17476", "CVE-2018-17464", "CVE-2018-17467", "CVE-2018-17477", "CVE-2018-17474"]}, {"type": "gentoo", "idList": ["GLSA-201811-10"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:AFE5A77EBE4E39A2F02201C20DDD401B"]}, {"type": "ubuntu", "idList": ["USN-3770-1", "USN-3770-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3833", "ELSA-2019-0159", "ELSA-2018-3831", "ELSA-2019-0160"]}, {"type": "redhat", "idList": ["RHSA-2019:0160", "RHSA-2018:3833", "RHSA-2018:3831", "RHSA-2019:0159"]}, {"type": "centos", "idList": ["CESA-2018:3833", "CESA-2018:3831"]}, {"type": "slackware", "idList": ["SSA-2018-345-01"]}], "modified": "2019-05-29T14:33:39"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:33:39", "differentElements": ["affectedPackage"], "edition": 5}], "viewCount": 115, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2019-08-13T18:47:05"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310876138", "OPENVAS:1361412562310875299", "OPENVAS:1361412562310814095", "OPENVAS:1361412562310814094", "OPENVAS:1361412562310704330", "OPENVAS:1361412562310851995", "OPENVAS:1361412562310851948", "OPENVAS:1361412562310814096", "OPENVAS:1361412562310704284", "OPENVAS:1361412562310875139"]}, {"type": "nessus", "idList": ["FEDORA_2018-FD194A1F14.NASL", "FEDORA_2018-34F7F68029.NASL", "REDHAT-RHSA-2018-3004.NASL", "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "OPENSUSE-2018-1253.NASL", "OPENSUSE-2018-1208.NASL", "DEBIAN_DSA-4330.NASL", "GOOGLE_CHROME_70_0_3538_67.NASL", "OPENSUSE-2019-712.NASL", "GENTOO_GLSA-201811-10.NASL"]}, {"type": "kaspersky", "idList": ["KLA11338"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3396-1", "OPENSUSE-SU-2018:3835-1", "OPENSUSE-SU-2018:3273-1", "OPENSUSE-SU-2018:3529-1", "OPENSUSE-SU-2018:4112-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4330-1:C6D67", "DEBIAN:DSA-4284-1:5963D", "DEBIAN:DLA-1496-1:2F059", "DEBIAN:DSA-4354-1:2E2F6"]}, {"type": "threatpost", "idList": ["THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57"]}, {"type": "cve", "idList": ["CVE-2018-17464", "CVE-2018-17468", "CVE-2018-17475", "CVE-2018-17470", "CVE-2018-17463", "CVE-2018-17473", "CVE-2018-17471", "CVE-2018-17469", "CVE-2018-17477", "CVE-2018-17467"]}, {"type": "gentoo", "idList": ["GLSA-201811-10"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:AFE5A77EBE4E39A2F02201C20DDD401B"]}, {"type": "ubuntu", "idList": ["USN-3770-1", "USN-3770-2"]}, {"type": "myhack58", "idList": ["MYHACK58:62201996030"]}, {"type": "centos", "idList": ["CESA-2018:3833", "CESA-2018:3831", "CESA-2019:0159", "CESA-2019:0160"]}, {"type": "redhat", "idList": ["RHSA-2019:0160", "RHSA-2018:3833", "RHSA-2019:0159"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3833", "ELSA-2018-3831", "ELSA-2019-0160"]}], "modified": "2019-08-13T18:47:05"}, "vulnersScore": 7.0}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "chromium-browser-debuginfo", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-debuginfo-70.0.3538.67-1.el6_10.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "chromium-browser", "packageVersion": "70.0.3538.67-1.el6_10", "packageFilename": "chromium-browser-70.0.3538.67-1.el6_10.i686.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"openvas": [{"lastseen": "2019-07-19T21:52:37", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814095", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814095\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:02 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:53:47", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814094", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814094", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814094\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 10:35:08 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:55:37", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.", "modified": "2019-07-04T00:00:00", "published": "2018-11-02T00:00:00", "id": "OPENVAS:1361412562310704330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704330", "title": "Debian Security Advisory DSA 4330-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4330-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704330\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\",\n \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\",\n \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\",\n \"CVE-2018-5179\");\n script_name(\"Debian Security Advisory DSA 4330-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 00:00:00 +0100 (Fri, 02 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4330.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 70.0.3538.67-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/chromium-browser\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\nYannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\nNed Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\nNed Williamson and Niklas Baumstark discovered a remote code execution\nissue in the v8 javascript library.\n\nCVE-2018-17464\nxisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\nLin Zuojian discovered a use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2018-17466\nOmair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\nJams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\nZhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\nZhe Jin discovered a memory corruption issue in the GPU backend\nimplementation.\n\nCVE-2018-17471\nLnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\nZhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\nVladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\nKhalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\nAaron Muir Hamilton discovered a user interface spoofing issue in the\nextensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromedriver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-widevine\", ver:\"70.0.3538.67-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:52:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-07-02T00:00:00", "published": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310875299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875299", "title": "Fedora Update for chromium FEDORA-2018-fd194a1f14", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for chromium FEDORA-2018-fd194a1f14\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875299\");\n script_version(\"2019-07-02T10:26:41+0000\");\n script_cve_id(\"CVE-2018-17478\", \"CVE-2018-17479\", \"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17472\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-02 10:26:41 +0000 (Tue, 02 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:19:58 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for chromium FEDORA-2018-fd194a1f14\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fd194a1f14\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGYVJ7TOEEFWMXPEHXQHYSD6LDOEY736\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2018-fd194a1f14 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"chromium on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.110~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876138", "title": "Fedora Update for chromium FEDORA-2018-34f7f68029", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876138\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17472\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:36:12 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for chromium FEDORA-2018-34f7f68029\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-34f7f68029\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KYL6GLSQ3DFIIUGOB2ARZJOC7JED6YW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2018-34f7f68029 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.77~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-03T00:00:00", "published": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310851948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851948", "title": "SuSE Update for Chromium openSUSE-SU-2018:3396-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for Chromium openSUSE-SU-2018:3396-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851948\");\n script_version(\"2019-05-03T10:20:18+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:20:18 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-25 06:00:36 +0200 (Thu, 25 Oct 2018)\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2018:3396-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1253=1\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3396_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00062.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~179.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:52:56", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2018-10-17T00:00:00", "id": "OPENVAS:1361412562310814096", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814096", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814096\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:41 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-03T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310851995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851995", "title": "SuSE Update for Chromium openSUSE-SU-2018:3273-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for Chromium openSUSE-SU-2018:3273-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851995\");\n script_version(\"2019-05-03T10:20:18+0000\");\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:20:18 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:30:34 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2018:3273-1 (Chromium)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3273_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the openSUSE-SU-2018:3273_1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1208=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2018-1208=1\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"openSUSELeap15.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~70.0.3538.67~lp150.2.20.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-05T00:00:00", "id": "OPENVAS:1361412562310875139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875139", "title": "Fedora Update for lcms2 FEDORA-2018-3e9f26489b", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_3e9f26489b_lcms2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for lcms2 FEDORA-2018-3e9f26489b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875139\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-05 08:39:51 +0200 (Fri, 05 Oct 2018)\");\n script_cve_id(\"CVE-2018-16435\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for lcms2 FEDORA-2018-3e9f26489b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lcms2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"lcms2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3e9f26489b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM6HH7URNVX5H4FWGH3OHYVTXLUXMS2N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"lcms2\", rpm:\"lcms2~2.8~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2018-10-28T00:00:00", "id": "OPENVAS:1361412562310852105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852105", "title": "SuSE Update for lcms2 openSUSE-SU-2018:3529-1 (lcms2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_3529_1.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# SuSE Update for lcms2 openSUSE-SU-2018:3529-1 (lcms2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852105\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2018-16435\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-28 06:04:16 +0100 (Sun, 28 Oct 2018)\");\n script_name(\"SuSE Update for lcms2 openSUSE-SU-2018:3529-1 (lcms2)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3529_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00081.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lcms2'\n package(s) announced via the openSUSE-SU-2018:3529_1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for lcms2 fixes the following issues:\n\n - CVE-2018-16435: Heap-based buffer overflow via a crafted file in the\n second argument to cmsIT8LoadFromFile (bsc#1108813)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1327=1\");\n\n script_tag(name:\"affected\", value:\"lcms2 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"openSUSELeap15.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"lcms2\", rpm:\"lcms2~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lcms2-debuginfo\", rpm:\"lcms2-debuginfo~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lcms2-debugsource\", rpm:\"lcms2-debugsource~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-2\", rpm:\"liblcms2-2~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-2-debuginfo\", rpm:\"liblcms2-2-debuginfo~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-devel\", rpm:\"liblcms2-devel~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-doc\", rpm:\"liblcms2-doc~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-2-32bit\", rpm:\"liblcms2-2-32bit~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-2-32bit-debuginfo\", rpm:\"liblcms2-2-32bit-debuginfo~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblcms2-devel-32bit\", rpm:\"liblcms2-devel-32bit~2.9~lp150.2.3.1\", rls:\"openSUSELeap15.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:41", "bulletinFamily": "info", "description": "### *Detect date*:\n10/16/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service and obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 70.0.3538.67\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome download page](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2018-17462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462>)6.5High \n[CVE-2018-17463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463>)8.8High \n[CVE-2018-17464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464>)4.3High \n[CVE-2018-17465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465>)8.8High \n[CVE-2018-17466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466>)0.0High \n[CVE-2018-17467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467>)4.3High \n[CVE-2018-17468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468>)6.5High \n[CVE-2018-17469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469>)8.8High \n[CVE-2018-17470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470>)0.0High \n[CVE-2018-17471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471>)4.3High \n[CVE-2018-17472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472>)9.6High \n[CVE-2018-17473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473>)4.3High \n[CVE-2018-17474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474>)8.8High \n[CVE-2018-17475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475>)4.3High \n[CVE-2018-17476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476>)4.3High \n[CVE-2018-5179](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179>)0.0High \n[CVE-2018-17477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477>)4.3High", "modified": "2019-03-07T00:00:00", "published": "2018-10-16T00:00:00", "id": "KLA11338", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11338", "title": "\r KLA11338Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2018-10-24T22:31:11", "bulletinFamily": "unix", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - CVE-2018-17467: URL spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n\n", "modified": "2018-10-24T21:09:13", "published": "2018-10-24T21:09:13", "id": "OPENSUSE-SU-2018:3396-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00062.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-22T16:31:01", "bulletinFamily": "unix", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\n Security issues fixed (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - CVE-2018-17467: URL spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n VAAPI hardware accelerated rendering is now enabled by default.\n\n This update contains the following packaging changes:\n\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n\n", "modified": "2018-10-22T15:16:54", "published": "2018-10-22T15:16:54", "id": "OPENSUSE-SU-2018:3273-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00044.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-21T03:16:50", "bulletinFamily": "unix", "description": "This update contains Chromium 70.0.3538.102 and fixes security issues and\n bugs.\n\n Vulnerabilities fixed in 70.0.3538.102:\n\n - CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)\n\n Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111):\n\n - CVE-2018-17462: Sandbox escape in AppCache\n - CVE-2018-17463: Remote code execution in V8\n - Heap buffer overflow in Little CMS in PDFium\n - CVE-2018-17464: URL spoof in Omnibox\n - CVE-2018-17465: Use after free in V8\n - CVE-2018-17466: Memory corruption in Angle\n - CVE-2018-17467: URL spoof in Omnibox\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n - CVE-2018-17469: Heap buffer overflow in PDFium\n - CVE-2018-17470: Memory corruption in GPU Internals\n - CVE-2018-17471: Security UI occlusion in full screen mode\n - CVE-2018-17473: URL spoof in Omnibox\n - CVE-2018-17474: Use after free in Blink\n - CVE-2018-17475: URL spoof in Omnibox\n - CVE-2018-17476: Security UI occlusion in full screen mode\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n - CVE-2018-17477: UI spoof in Extensions\n\n This update contains the following packaging changes:\n\n - VAAPI hardware accelerated rendering is now enabled by default.\n - Use the system libusb-1.0 library\n - Use bundled harfbuzz library\n - Disable gnome-keyring to avoid crashes\n - noto-emoji-fonts is no longer a recommended dependency\n\n", "modified": "2018-11-21T00:11:39", "published": "2018-11-21T00:11:39", "id": "OPENSUSE-SU-2018:3835-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00035.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-10-27T14:31:32", "bulletinFamily": "unix", "description": "This update for lcms2 fixes the following issues:\n\n - CVE-2018-16435: Heap-based buffer overflow via a crafted file in the\n second argument to cmsIT8LoadFromFile (bsc#1108813)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2018-10-27T12:08:37", "published": "2018-10-27T12:08:37", "id": "OPENSUSE-SU-2018:3529-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00081.html", "title": "Security update for lcms2 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-13T15:37:03", "bulletinFamily": "unix", "description": "This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs.\n\n Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105):\n\n - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library\n with TextureStorage11\n - CVE-2018-18492: Use-after-free with select element\n - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n - CVE-2018-18494: Same-origin policy violation using location attribute\n and performance.getEntries to steal cross-origin URLs\n - CVE-2018-18498: Integer overflow when calculating buffer sizes for images\n - CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR\n 60.4\n\n The following changes are included:\n\n - now requires NSS &gt;= 3.36.6\n - Updated list of currency codes to include Unidad Previsional (UYW)\n\n", "modified": "2018-12-13T12:09:13", "published": "2018-12-13T12:09:13", "id": "OPENSUSE-SU-2018:4112-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00029.html", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2020-01-01T00:31:12", "bulletinFamily": "scanner", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2018-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/118386", "published": "2018-10-25T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1253)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1253.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118386);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/20 11:08:46\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1253)\");\n script_summary(english:\"Check for the openSUSE-2018-1253 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-70.0.3538.67-179.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T00:10:05", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote macOS host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application", "modified": "2020-01-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "href": "https://www.tenable.com/plugins/nessus/118152", "published": "2018-10-16T00:00:00", "title": "Google Chrome < 70.0.3538.67 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118152);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n\n script_name(english:\"Google Chrome < 70.0.3538.67 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c8f5c86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 70.0.3538.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'70.0.3538.67', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T01:24:06", "bulletinFamily": "scanner", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading\nto heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink\n(CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals\n(CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker\n(CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2018-3004.NASL", "href": "https://www.tenable.com/plugins/nessus/118373", "published": "2018-10-25T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2018:3004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3004. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118373);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"RHSA\", value:\"2018:3004\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2018:3004)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading\nto heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink\n(CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals\n(CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker\n(CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:3004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-17477\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3004\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T07:16:24", "bulletinFamily": "scanner", "description": "Update to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2018-34F7F68029.NASL", "href": "https://www.tenable.com/plugins/nessus/120342", "published": "2019-01-03T00:00:00", "title": "Fedora 29 : chromium (2018-34f7f68029)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-34f7f68029.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120342);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/25 17:12:11\");\n\n script_cve_id(\"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"FEDORA\", value:\"2018-34f7f68029\");\n\n script_name(english:\"Fedora 29 : chromium (2018-34f7f68029)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-34f7f68029\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"chromium-70.0.3538.77-4.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T07:24:49", "bulletinFamily": "scanner", "description": "Security fix for CVE-2018-17478 CVE-2018-17479. Update to\n70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2018-FD194A1F14.NASL", "href": "https://www.tenable.com/plugins/nessus/120933", "published": "2019-01-03T00:00:00", "title": "Fedora 28 : chromium (2018-fd194a1f14)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fd194a1f14.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120933);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/23 11:21:09\");\n\n script_cve_id(\"CVE-2018-16435\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-17478\", \"CVE-2018-17479\", \"CVE-2018-5179\");\n script_xref(name:\"FEDORA\", value:\"2018-fd194a1f14\");\n\n script_name(english:\"Fedora 28 : chromium (2018-fd194a1f14)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-17478 CVE-2018-17479. Update to\n70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd194a1f14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"chromium-70.0.3538.110-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T00:58:16", "bulletinFamily": "scanner", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2019-712.NASL", "href": "https://www.tenable.com/plugins/nessus/123310", "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2019-712)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-712.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123310);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/03/27 11:14:30\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2019-712)\");\n script_summary(english:\"Check for the openSUSE-2019-712 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-70.0.3538.67-lp150.2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T00:31:07", "bulletinFamily": "scanner", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "modified": "2020-01-02T00:00:00", "id": "OPENSUSE-2018-1208.NASL", "href": "https://www.tenable.com/plugins/nessus/118317", "published": "2018-10-23T00:00:00", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1208)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1208.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118317);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/20 11:08:46\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1208)\");\n script_summary(english:\"Check for the openSUSE-2018-1208 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions VAAPI hardware\n accelerated rendering is now enabled by default.\n\nThis update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromedriver-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debuginfo-70.0.3538.67-lp150.2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"chromium-debugsource-70.0.3538.67-lp150.2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T06:58:22", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-5179\n Yannic Boneberger discovered an error in the\n ServiceWorker implementation.\n\n - CVE-2018-17462\n Ned Williamson and Niklas Baumstark discovered a way to\n escape the sandbox.\n\n - CVE-2018-17463\n Ned Williamson and Niklas Baumstark discovered a remote\n code execution issue in the v8 JavaScript library.\n\n - CVE-2018-17464\n xisigr discovered a URL spoofing issue.\n\n - CVE-2018-17465\n Lin Zuojian discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2018-17466\n Omair discovered a memory corruption issue in the angle\n library.\n\n - CVE-2018-17467\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17468\n Jams Lee discovered an information disclosure issue.\n\n - CVE-2018-17469\n Zhen Zhou discovered a buffer overflow issue in the\n pdfium library.\n\n - CVE-2018-17470\n Zhe Jin discovered a memory corruption issue in the GPU\n backend implementation.\n\n - CVE-2018-17471\n Lnyas Zhang discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17473\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17474\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2018-17475\n Vladimir Metnew discovered a URL spoofing issue.\n\n - CVE-2018-17476\n Khalil Zhani discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17477\n Aaron Muir Hamilton discovered a user interface spoofing\n issue in the extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library\nincluded with chromium.", "modified": "2020-01-02T00:00:00", "id": "DEBIAN_DSA-4330.NASL", "href": "https://www.tenable.com/plugins/nessus/118719", "published": "2018-11-05T00:00:00", "title": "Debian DSA-4330-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4330. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118719);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/20 11:08:44\");\n\n script_cve_id(\"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"DSA\", value:\"4330\");\n\n script_name(english:\"Debian DSA-4330-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2018-5179\n Yannic Boneberger discovered an error in the\n ServiceWorker implementation.\n\n - CVE-2018-17462\n Ned Williamson and Niklas Baumstark discovered a way to\n escape the sandbox.\n\n - CVE-2018-17463\n Ned Williamson and Niklas Baumstark discovered a remote\n code execution issue in the v8 JavaScript library.\n\n - CVE-2018-17464\n xisigr discovered a URL spoofing issue.\n\n - CVE-2018-17465\n Lin Zuojian discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2018-17466\n Omair discovered a memory corruption issue in the angle\n library.\n\n - CVE-2018-17467\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17468\n Jams Lee discovered an information disclosure issue.\n\n - CVE-2018-17469\n Zhen Zhou discovered a buffer overflow issue in the\n pdfium library.\n\n - CVE-2018-17470\n Zhe Jin discovered a memory corruption issue in the GPU\n backend implementation.\n\n - CVE-2018-17471\n Lnyas Zhang discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17473\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2018-17474\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2018-17475\n Vladimir Metnew discovered a URL spoofing issue.\n\n - CVE-2018-17476\n Khalil Zhani discovered an issue with the full screen\n user interface.\n\n - CVE-2018-17477\n Aaron Muir Hamilton discovered a user interface spoofing\n issue in the extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library\nincluded with chromium.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17477\"\n );\n # https://security-tracker.debian.org/tracker/source-package/chromium-browser\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e33901a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4330\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 70.0.3538.67-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"chromedriver\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-driver\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-l10n\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-shell\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"chromium-widevine\", reference:\"70.0.3538.67-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T08:03:33", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application", "modified": "2020-01-02T00:00:00", "id": "GOOGLE_CHROME_70_0_3538_67.NASL", "href": "https://www.tenable.com/plugins/nessus/118153", "published": "2018-10-16T00:00:00", "title": "Google Chrome < 70.0.3538.67 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118153);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n\n script_name(english:\"Google Chrome < 70.0.3538.67 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c8f5c86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 70.0.3538.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'70.0.3538.67', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T07:53:20", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201811-10\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n cause a heap buffer overflow, obtain sensitive information, or spoof a\n URL.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-01-02T00:00:00", "id": "GENTOO_GLSA-201811-10.NASL", "href": "https://www.tenable.com/plugins/nessus/119130", "published": "2018-11-26T00:00:00", "title": "GLSA-201811-10 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201811-10.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119130);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-16065\", \"CVE-2018-16066\", \"CVE-2018-16067\", \"CVE-2018-16068\", \"CVE-2018-16069\", \"CVE-2018-16070\", \"CVE-2018-16071\", \"CVE-2018-16072\", \"CVE-2018-16073\", \"CVE-2018-16074\", \"CVE-2018-16075\", \"CVE-2018-16076\", \"CVE-2018-16077\", \"CVE-2018-16078\", \"CVE-2018-16079\", \"CVE-2018-16080\", \"CVE-2018-16081\", \"CVE-2018-16082\", \"CVE-2018-16083\", \"CVE-2018-16084\", \"CVE-2018-16085\", \"CVE-2018-16086\", \"CVE-2018-16087\", \"CVE-2018-16088\", \"CVE-2018-17462\", \"CVE-2018-17463\", \"CVE-2018-17464\", \"CVE-2018-17465\", \"CVE-2018-17466\", \"CVE-2018-17467\", \"CVE-2018-17468\", \"CVE-2018-17469\", \"CVE-2018-17470\", \"CVE-2018-17471\", \"CVE-2018-17472\", \"CVE-2018-17473\", \"CVE-2018-17474\", \"CVE-2018-17475\", \"CVE-2018-17476\", \"CVE-2018-17477\", \"CVE-2018-5179\");\n script_xref(name:\"GLSA\", value:\"201811-10\");\n\n script_name(english:\"GLSA-201811-10 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201811-10\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n cause a heap buffer overflow, obtain sensitive information, or spoof a\n URL.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201811-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-70.0.3538.67'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 70.0.3538.67\"), vulnerable:make_list(\"lt 70.0.3538.67\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:56", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4330-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nNovember 02, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2018-5179 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464\n CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468\n CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473\n CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2018-5179\n\n Yannic Boneberger discovered an error in the ServiceWorker implementation.\n\nCVE-2018-17462\n\n Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox.\n\nCVE-2018-17463\n\n Ned Williamson and Niklas Baumstark discovered a remote code execution\n issue in the v8 javascript library.\n\nCVE-2018-17464\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2018-17465\n\n Lin Zuojian discovered a use-after-free issue in the v8 javascript\n library.\n\nCVE-2018-17466\n\n Omair discovered a memory corruption issue in the angle library.\n\nCVE-2018-17467\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17468\n\n Jams Lee discovered an information disclosure issue.\n\nCVE-2018-17469\n\n Zhen Zhou discovered a buffer overflow issue in the pdfium library.\n\nCVE-2018-17470\n\n Zhe Jin discovered a memory corruption issue in the GPU backend\n implementation.\n\nCVE-2018-17471\n\n Lnyas Zhang discovered an issue with the full screen user interface.\n\nCVE-2018-17473\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2018-17474\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2018-17475\n\n Vladimir Metnew discovered a URL spoofing issue.\n\nCVE-2018-17476\n\n Khalil Zhani discovered an issue with the full screen user interface.\n\nCVE-2018-17477\n\n Aaron Muir Hamilton discovered a user interface spoofing issue in the\n extensions pane.\n\nThis update also fixes a buffer overflow in the embedded lcms library included\nwith chromium.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 70.0.3538.67-1~deb9u1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFor the detailed security status of chromium-browser please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium-browser\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-11-02T11:43:56", "published": "2018-11-02T11:43:56", "id": "DEBIAN:DSA-4330-1:C6D67", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00262.html", "title": "[SECURITY] [DSA 4330-1] chromium-browser security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-24T22:40:14", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4284-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 04, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lcms2\nCVE ID : CVE-2018-16435\n\nQuang Nguyen discovered an integer overflow in the Little CMS 2 colour\nmanagement library, which could in denial of service and potentially the\nexecution of arbitrary code if a malformed IT8 calibration file is\nprocessed.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.8-4+deb9u1.\n\nWe recommend that you upgrade your lcms2 packages.\n\nFor the detailed security status of lcms2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lcms2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-09-04T21:07:53", "published": "2018-09-04T21:07:53", "id": "DEBIAN:DSA-4284-1:5963D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00214.html", "title": "[SECURITY] [DSA 4284-1] lcms2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-24T22:36:16", "bulletinFamily": "unix", "description": "Package : lcms2\nVersion : 2.6-3+deb8u2\nCVE ID : CVE-2018-16435\nDebian Bug : #907983\n\nIt was discovered that there was an integer overflow vulnerability\nin the &quot;Little CMS 2&quot; colour management library. A specially-crafted\ninput file could lead to a heap-based buffer overflow.\n\nFor Debian 8 &quot;Jessie&quot;, this issue has been fixed in lcms2 version\n2.6-3+deb8u2.\n\nWe recommend that you upgrade your lcms2 packages.\n\n\nRegards,\n\n- -- \n ,&#x27;&#x27;`.\n : :&#x27; : Chris Lamb\n `. `&#x27;` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "modified": "2018-09-06T09:21:06", "published": "2018-09-06T09:21:06", "id": "DEBIAN:DLA-1496-1:2F059", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201809/msg00005.html", "title": "[SECURITY] [DLA 1496-1] lcms2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-08T10:09:33", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4354-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 12, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2018-12405 CVE-2018-17466 CVE-2018-18492\n CVE-2018-18493 CVE-2018-18494 CVE-2018-18498\n\nMultiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode or bypass of the same-origin policy.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 60.4.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-12-12T21:09:09", "published": "2018-12-12T21:09:09", "id": "DEBIAN:DSA-4354-1:2E2F6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00286.html", "title": "[SECURITY] [DSA 4354-1] firefox-esr security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2019-05-30T05:50:38", "bulletinFamily": "info", "description": "Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities.\n\nThe release comes after Google had promised updates in Chrome 70 to \u201cbetter communicate our changes and offer more control over the experience.\u201d\n\nChrome 70 for Windows, Mac and Linux will roll out over the coming days and weeks, Google said in a Tuesday [posting](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>).\n\n## New Privacy Feature\n\nMost notably, Chrome 70 includes a panel enabling users to have more control over how the browser behaves when they log into their Google accounts.\n\nThe pressure is on Google to prioritize privacy policies after the tech giant came under fire for a change in Chrome 69, launched [earlier in September](<https://threatpost.com/google-rolls-out-40-fixes-with-chrome-69/137210/>). After that release, an update to the browser\u2019s sign-in mechanism [automatically signed users into Chrome](<https://threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/>) when they signed into any other Google service.\n\nDigs at Google increased when a separate researcher also found that when he deleted the cookies.txt files in Chrome, the browser clears all cookies \u2013 except for Google cookies.\n\nBut the new control panel means that users have the option to turn off the automatic sign-in, Zach Koch, Chrome product manager, said in a [post](<https://www.blog.google/products/chrome/product-updates-based-your-feedback/>) on the matter.\n\n\u201cWhile we think sign-in consistency will help many of our users, we\u2019re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in\u2014that way users have more control over their experience,\u201d he said. \u201cFor users that disable this feature, signing into a Google website will not sign them into Chrome.\n\n## Fixed Vulnerabilities\n\nIn addition to new privacy features, Chrome 70 also [packs](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>) 23 security fixes, including both \u201chigh\u201d and \u201cmedium\u201d priority bugs; as well as new security features.\n\nOf note are patches for a high-priority sandbox escape vulnerability (CVE-2018-17462) in AppCache; a high-priority remote code-execution flaw (CVE-2018-17463) in V8; a \u201chigh\u201d priority URL spoof bug (CVE-2018-17464) in Omnibox; and a \u201chigh\u201d memory corruption glitch (CVE-2018-17466) in Angle.\n\nOther bugs include a high-priority use-after-free flaw (CVE-2018-17465) in V8, and a high-priority heap buffer overflow vulnerability in Little CMS in PDFium (no CVE assigned yet).\n\nA full list of the security bugs and fixes are [here](<https://chromium.googlesource.com/chromium/src/+log/69.0.3497.100..70.0.3538.67?pretty=fuller&n=10000>).\n\nChrome 70 also features Web Bluetooth, which is also available in Windows 10, which allows sites to communicate with user-selected Bluetooth devices in a \u201csecure and privacy-preserving\u201d ways.\n\nAnd finally, Google released support for public key credentials in Chrome 70, which enables strong authentication to websites with public key cryptography, enabling password-less authentication and/or secure second-factor authentication without SMS texts.\n\n\u201cI\u2019m pretty excited about it because it allows sites to use my fingerprint for two-factor authentication,\u201d Pete LePage, developer advocate, said in a Tuesday [post](<https://developers.google.com/web/updates/2018/10/nic70>). \u201cBut, it also adds support for additional types of security keys and better security on the web.\u201d\n", "modified": "2018-10-17T14:04:48", "published": "2018-10-17T14:04:48", "id": "THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57", "href": "https://threatpost.com/on-heels-of-criticism-newly-released-google-chrome-70-prioritizes-privacy/138368/", "type": "threatpost", "title": "On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-01-15T13:03:59", "bulletinFamily": "NVD", "description": "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.", "modified": "2018-12-19T20:59:00", "id": "CVE-2018-17468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17468", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17468", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-15T13:03:59", "bulletinFamily": "NVD", "description": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "modified": "2018-12-18T18:39:00", "id": "CVE-2018-17464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17464", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17464", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-15T13:04:00", "bulletinFamily": "NVD", "description": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.", "modified": "2018-12-18T18:51:00", "id": "CVE-2018-17473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17473", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17473", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-15T13:04:00", "bulletinFamily": "NVD", "description": "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.", "modified": "2018-12-21T19:53:00", "id": "CVE-2018-17471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17471", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17471", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-15T13:04:01", "bulletinFamily": "NVD", "description": "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.", "modified": "2018-12-21T20:34:00", "id": "CVE-2018-17476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17476", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17476", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:19:52", "bulletinFamily": "NVD", "description": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.", "modified": "2018-11-05T20:46:00", "id": "CVE-2018-16435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16435", "published": "2018-09-04T00:29:00", "title": "CVE-2018-16435", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-15T13:04:00", "bulletinFamily": "NVD", "description": "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.", "modified": "2018-12-18T18:47:00", "id": "CVE-2018-17469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17469", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17469", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-15T13:03:59", "bulletinFamily": "NVD", "description": "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.", "modified": "2018-12-19T20:34:00", "id": "CVE-2018-17465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17465", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17465", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-15T13:03:59", "bulletinFamily": "NVD", "description": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.", "modified": "2018-12-19T18:53:00", "id": "CVE-2018-17462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17462", "published": "2018-11-14T15:29:00", "title": "CVE-2018-17462", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-15T13:04:00", "bulletinFamily": "NVD", "description": "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.", "modified": "2019-01-15T17:46:00", "id": "CVE-2018-17470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17470", "published": "2019-01-09T19:29:00", "title": "CVE-2018-17470", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2018-11-23T22:33:08", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code, escalate privileges, cause a heap buffer overflow, obtain sensitive information, or spoof a URL. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-70.0.3538.67\"", "modified": "2018-11-23T00:00:00", "published": "2018-11-23T00:00:00", "id": "GLSA-201811-10", "href": "https://security.gentoo.org/glsa/201811-10", "title": "Chromium: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "software", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIbrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165)\n\nQuang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.238.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.25.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.238.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.25.0 or later.\n\n# References\n\n * [USN-3770-1](<https://usn.ubuntu.com/3770-1>)\n * [CVE-2016-10165](<https://people.canonical.com/~ubuntu-security/cve/CVE-2016-10165>)\n * [CVE-2018-16435](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16435>)\n", "modified": "2018-09-25T00:00:00", "published": "2018-09-25T00:00:00", "id": "CFOUNDRY:AFE5A77EBE4E39A2F02201C20DDD401B", "href": "https://www.cloudfoundry.org/blog/usn-3770-1/", "title": "USN-3770-1: Little CMS vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:31", "bulletinFamily": "unix", "description": "Ibrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165)\n\nQuang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435)", "modified": "2018-09-20T00:00:00", "published": "2018-09-20T00:00:00", "id": "USN-3770-1", "href": "https://usn.ubuntu.com/3770-1/", "title": "Little CMS vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T19:22:13", "bulletinFamily": "unix", "description": "USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nPedro Ribeiro discoreved that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2013-4276)\n\nIbrahim El-Sayed discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10165)\n\nQuang Nguyen discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-16435)", "modified": "2018-09-20T00:00:00", "published": "2018-09-20T00:00:00", "id": "USN-3770-2", "href": "https://usn.ubuntu.com/3770-2/", "title": "Little CMS vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "myhack58": [{"lastseen": "2019-09-17T10:34:08", "bulletinFamily": "info", "description": "In this article, we will Analysis on your iOS device to get the normal permissions of the shell of the WebKit exploit method, where all the vulnerabilities are available on iOS's sandboxed renderer process WebContent implemented shellcode code execution. Although on iOS Chrome will also be affected by these browser vulnerabilities to attack, but the attacker would just use them to locate the Safari and the iPhone's location. \nThis article will first briefly describe each use of the WebKit vulnerabilities and an attacker how from build a memory read/write primitives, and then outlines for shellcode code execution techniques as well as how to bypass the existing JIT code injection mitigation measures. \nInterestingly, these vulnerabilities do not have a vulnerability to bypass on the A12 on the device are enabled based on PAC JIT strengthen mitigation measures. Exploits by vulnerability to support the latest iOS version, if the exploit is missing in the version check, it will be based on the repair date and prior to the vulnerability to guess the supported version range. \nThe sandboxed renderer process using the first get memory read/write functions, and then the shellcode injected into the JIT area to obtain the native code execution privileges. It seems every time you broke a new major can exploit the vulnerability, the new vulnerability will be added to the framework to use to do read/write check, and then inserted into the existing exploit frameworks. The exploits used are also common exploit techniques, for example, first create addrof and fakeobj primitive, then fake JS object to implement the read/write. \nFor many exploit programs, it is unclear whether they have in some 0day or 1day on successful use. Now also don't know the attacker is how to first get these vulnerability information. Typically, they are used to repair the finish after the release of the public exploit to use. WebKit in the fix version is sent to the user before publishing the vulnerability details. CVE-2019-8518 is in 2019 2 May 9, WebKit HEAD disclosed in repair, submitted for 4a23c92e6883 it. This commit contains a test case, the test cases triggered a vulnerability and lead to a JSArray of cross-border access, this situation is usually very easy to exploit. However, the fixes only in 2019 3 December 25 release iOS 12.2 user post, is in about the vulnerability details publicly after a month and a half before release. The technical ability of the user to be within a few days time to replace the underlying vulnerabilities, thereby obtaining the advantage of the latest capabilities of the device, without self-tap new holes. This may occur at least in some of the following vulnerabilities in. \nIn order to do the comparison, the following is a list of the other browser vendors is how to deal with this vulnerability window problems: \nGoogle and Chromium the same problem exists, for example, submitted 52a9e67a477b fix for CVE-2018-17463-in. However, it seems some of the recent vulnerabilities release no longer contains the JavaScript test cases. For example, our team members Sergey Glazunov reported the following two for the vulnerability fix: aa00ee22f8f7 for vulnerability 1784 and 4edcc8605461 for vulnerability 1793 in. \nMicrosoft will open source the Chakra engine in the security fixes that confidential treatment until the fix has been sent to the user before the public. Then released the repair after the procedure and publishes the CVE number. For this example, see commit 7f0d390ad77d it. However, it should be noted that the Chakra will soon be the Edge of the V8\uff08Chromium's JavaScript engine replaced. \nMozilla directly prohibits a public repository of security fixes, they will directly release the next version. In addition, it is not disclosed for triggering a vulnerability in the JavaScript test cases. \nHowever, it is worth noting that, even if the Don't get the JavaScript test case, you can still through a code patch written in the PoC and eventually exploit the vulnerability. \n\n0x01 exploit 1: iOS 10.0~10.3.2 \nThis exploits the target is CVE-2017-2505, initially by lokihardt report for Project Zero issue 1137, and in 2017 to 3 January 11, on the WebKit HEAD by submission 4a23c92e6883 repair. The fix is then in the 5 on 15, publishing to the iOS 10.3.2 the user. Interestingly, the exploit exp is almost the WebKit repository in the bug report and test file exactly the same. You can see in the image below, the left image is displayed in the WebKit code repository publish a test with the example on the right shows the triggering of vulnerabilities in the wild exploit code part. \n! [](/Article/UploadPic/2019-9/2019917134229760. png) \nThe vulnerability will lead to the use of controlled data writes to achieve the JSC heap bounds. Attacker destruction of controlled JSObject one of the first QWord, changing its structure ID to the run-time type information with JSCell associated with to make it appear as a Uint32Array with. Thus, they actually created a fake TypedArray, will directly allow them to construct a memory read/write primitives. \n\n0x02 exploit 2: iOS 10.3~10.3.3 \nThe exploit is for CVE-2017-7064 or its variant, which was originally by lokihardt found and reported as issue 1236 in. The vulnerability has been in 2017 4 November 18 in the WebKit HEAD by submission ad6d74945b13 repair, and in 2017, the 7 on 19, released to the iOS 10.3.3 of the user. The vulnerabilities could cause uninitialized memory to be treated as JS array of content, through reactor operation technology, you can control the uninitialized data, this time by the double-precision and JSValues between the type of confused structure addrof and fakeobj primitive, so that by construction forged TypedArray get memory read/write. \n\n0x03 exploit 3: iOS 11.0~11.3 \nThis exploit is a WebKit vulnerability 181867, the CVE number might be CVE-2018-4122\u3002 It in 2018 1 November 19 in the WebKit HEAD in repair, and in 2018 3 May 29, released to iOS 11.3 the user. The vulnerability is typical of the JIT side-effect problems. It is unclear how the attacker is in early 2018 will know of this vulnerability. The vulnerability through the confusion is not initialized double, and Whether the array built addrof and fakeobj primitive, and then again by forgery to obtain memory read/write a typed array of objects. \n\n0x04 exploits 4: iOS 11.3~11.4.1 \nThis exploit is for the 2018 \u5e74 5 \u6708 16 filed in the b4e567d371fd fix the vulnerability, and corresponding to the WebKit bug report 185694 it. Unfortunately, we are unable to determine the allocation to this issue of the CVE, but it seems that the patches in 2018 7 May 9, publishing to the iOS 11.4.1 the user. This is another JIT side-effect issues, similar to the previous vulnerability, again constructed fakeobj primitive to forge a JS object. However, it has now been released Gigacage mitigation measures. Therefore, construction of the pseudo-ArrayBuffers / TypedArrays are no longer useful. \nThe exploit constructs a fake unboxed double Array, and get an initial, limited memory read/write primitives. Then using the initial primitive to disable Gigacage mitigation measures, and then continue to use TypedArrays to perform behind the exploits. \n\n0x05 exploit 5: iOS 11.4.1 \nThe exploit is for CVE-2018-4438 vulnerability, the lokihardt report of 1649 it. This vulnerability is in 2018 10 May 26 using the commit 8deb8bd96f4a repair, and in 2018, 12 \u6708 5 issued to the iOS 12.1.1 the user. The wrong hole you can build a proxy the prototype of the array, and then, by the JIT-compiled code in the trigger change, this vulnerability is converted to the JIT side-effect problems. The vulnerability before the vulnerability is very similar, first using the limited JS array read/write disable Gigacage mitigation measures, and then by TypedArrays perform a full read/write the shellcode to be injected. \n\n\n**[1] [[2]](<96030_2.htm>) [next](<96030_2.htm>)**\n", "modified": "2019-09-17T00:00:00", "published": "2019-09-17T00:00:00", "id": "MYHACK58:62201996030", "href": "http://www.myhack58.com/Article/html/3/62/2019/96030.htm", "title": "In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "unix", "description": "[60.4.0-1.0.1]\n- fix LD_LIBRARY_PATH\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension", "modified": "2018-12-18T00:00:00", "published": "2018-12-18T00:00:00", "id": "ELSA-2018-3831", "href": "http://linux.oracle.com/errata/ELSA-2018-3831.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "unix", "description": "[60.4.0-1.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[60.4.0-1]\n- Update to 60.4.0", "modified": "2019-01-25T00:00:00", "published": "2019-01-25T00:00:00", "id": "ELSA-2019-0160", "href": "http://linux.oracle.com/errata/ELSA-2019-0160.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "unix", "description": "[60.4.0-1.0.1]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[60.4.0-1]\n- Update to 60.4.0 ESR\n[60.3.0-2]\n- Added firefox-gnome-shell-extension\n[60.3.0-1]\n- Update to 60.3.0 ESR", "modified": "2018-12-18T00:00:00", "published": "2018-12-18T00:00:00", "id": "ELSA-2018-3833", "href": "http://linux.oracle.com/errata/ELSA-2018-3833.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:18", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2019:0159\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-February/023188.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "modified": "2019-02-01T23:14:30", "published": "2019-02-01T23:14:30", "id": "CESA-2019:0159", "href": "http://lists.centos.org/pipermail/centos-announce/2019-February/023188.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:39", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2019:0160\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-February/023154.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "modified": "2019-02-01T23:12:43", "published": "2019-02-01T23:12:43", "id": "CESA-2019:0160", "href": "http://lists.centos.org/pipermail/centos-announce/2019-February/023154.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:3831\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.4.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* Mozilla: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-December/023138.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "modified": "2018-12-21T19:07:59", "published": "2018-12-21T19:07:59", "id": "CESA-2018:3831", "href": "http://lists.centos.org/pipermail/centos-announce/2018-December/023138.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:23:57", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2018:3833\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.4.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* Mozilla: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-December/023139.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "modified": "2018-12-21T19:08:51", "published": "2018-12-21T19:08:51", "id": "CESA-2018:3833", "href": "http://lists.centos.org/pipermail/centos-announce/2018-December/023139.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.", "modified": "2019-01-25T02:48:41", "published": "2019-01-25T02:47:18", "id": "RHSA-2019:0159", "href": "https://access.redhat.com/errata/RHSA-2019:0159", "type": "redhat", "title": "(RHSA-2019:0159) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.", "modified": "2019-01-25T02:49:46", "published": "2019-01-25T02:48:12", "id": "RHSA-2019:0160", "href": "https://access.redhat.com/errata/RHSA-2019:0160", "type": "redhat", "title": "(RHSA-2019:0160) Important: thunderbird security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.4.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)\n\n* Mozilla: Memory corruption in Angle (CVE-2018-17466)\n\n* Mozilla: Use-after-free with select element (CVE-2018-18492)\n\n* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)\n\n* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)\n\n* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.", "modified": "2018-12-17T19:12:26", "published": "2018-12-17T19:10:13", "id": "RHSA-2018:3833", "href": "https://access.redhat.com/errata/RHSA-2018:3833", "type": "redhat", "title": "(RHSA-2018:3833) Critical: firefox security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}