{"securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2476-1\r\nJanuary 26, 2015\r\n\r\noxide-qt vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Oxide.\r\n\r\nSoftware Description:\r\n- oxide-qt: Web browser engine library for Qt (QML plugin)\r\n\r\nDetails:\r\n\r\nSeveral memory corruption bugs were discovered in ICU. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to cause a denial of service via renderer crash\r\nor execute arbitrary code with the privileges of the sandboxed render\r\nprocess. (CVE-2014-7923, CVE-2014-7926)\r\n\r\nA use-after-free was discovered in the IndexedDB implementation. If a user\r\nwere tricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to cause a denial of service via application\r\ncrash or execute arbitrary code with the privileges of the user invoking\r\nthe program. (CVE-2014-7924)\r\n\r\nA use-after free was discovered in the WebAudio implementation in Blink.\r\nIf a user were tricked in to opening a specially crafted website, an\r\nattacker could potentially exploit this to cause a denial of service via\r\nrenderer crash or execute arbitrary code with the privileges of the\r\nsandboxed render process. (CVE-2014-7925)\r\n\r\nSeveral memory corruption bugs were discovered in V8. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to cause a denial of service via renderer crash\r\nor execute arbitrary code with the privileges of the sandboxed render\r\nprocess. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)\r\n\r\nSeveral use-after free bugs were discovered in the DOM implementation in\r\nBlink. If a user were tricked in to opening a specially crafted website,\r\nan attacker could potentially exploit these to cause a denial of service\r\nvia renderer crash or execute arbitrary code with the privileges of the\r\nsandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932,\r\nCVE-2014-7934)\r\n\r\nA use-after free was discovered in FFmpeg. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2014-7933)\r\n\r\nMultiple off-by-one errors were discovered in FFmpeg. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to cause a denial of service via renderer crash\r\nor execute arbitrary code with the privileges of the sandboxed render\r\nprocess. (CVE-2014-7937)\r\n\r\nA memory corruption bug was discovered in the fonts implementation. If a\r\nuser were tricked in to opening a specially crafted website, an attacker\r\ncould potentially exploit this to cause a denial of service via renderer\r\ncrash or execute arbitrary code with the privileges of the sandboxed\r\nrender process. (CVE-2014-7938)\r\n\r\nIt was discovered that ICU did not initialize memory for a data structure\r\ncorrectly. If a user were tricked in to opening a specially crafted\r\nwebsite, an attacker could potentially exploit this to cause a denial of\r\nservice via renderer crash or execute arbitrary code with the privileges\r\nof the sandboxed render process. (CVE-2014-7940)\r\n\r\nIt was discovered that the fonts implementation did not initialize memory\r\nfor a data structure correctly. If a user were tricked in to opening a\r\nspecially crafted website, an attacker could potentially exploit this to\r\ncause a denial of service via renderer crash or execute arbitrary code\r\nwith the privileges of the sandboxed render process. (CVE-2014-7942)\r\n\r\nAn out-of-bounds read was discovered in Skia. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash. (CVE-2014-7943)\r\n\r\nAn out-of-bounds read was discovered in Blink. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash. (CVE-2014-7946)\r\n\r\nIt was discovered that the AppCache proceeded with caching for SSL\r\nsessions even if there is a certificate error. A remote attacker could\r\npotentially exploit this by conducting a MITM attack to modify HTML\r\napplication content. (CVE-2014-7948)\r\n\r\nMultiple security issues were discovered in Chromium. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to read uninitialized memory, cause a denial\r\nof service via application crash or execute arbitrary code with the\r\nprivileges of the user invoking the program. (CVE-2015-1205)\r\n\r\nMultiple security issues were discovered in V8. If a user were tricked\r\nin to opening a specially crafted website, an attacker could potentially\r\nexploit these to read uninitialized memory, cause a denial of service via\r\nrenderer crash or execute arbitrary code with the privileges of the\r\nsandboxed render process. (CVE-2015-1346)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n liboxideqtcore0 1.4.2-0ubuntu0.14.10.1\r\n oxideqt-codecs 1.4.2-0ubuntu0.14.10.1\r\n oxideqt-codecs-extra 1.4.2-0ubuntu0.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n liboxideqtcore0 1.4.2-0ubuntu0.14.04.1\r\n oxideqt-codecs 1.4.2-0ubuntu0.14.04.1\r\n oxideqt-codecs-extra 1.4.2-0ubuntu0.14.04.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2476-1\r\n CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926,\r\n CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930,\r\n CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934,\r\n CVE-2014-7937, CVE-2014-7938, CVE-2014-7940, CVE-2014-7942,\r\n CVE-2014-7943, CVE-2014-7946, CVE-2014-7948, CVE-2015-1205,\r\n CVE-2015-1346\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.4.2-0ubuntu0.14.10.1\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.4.2-0ubuntu0.14.04.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31688", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31688", "title": "[USN-2476-1] Oxide vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2522-1\r\nMarch 05, 2015\r\n\r\nicu vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nICU could be made to crash or run programs as your login if it processed\r\nspecially crafted data.\r\n\r\nSoftware Description:\r\n- icu: International Components for Unicode library\r\n\r\nDetails:\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing fonts. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. This issue only affected\r\nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\r\nCVE-2013-2419)\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing fonts. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2014-6585,\r\nCVE-2014-6591)\r\n\r\nIt was discovered that ICU incorrectly handled memory operations when\r\nprocessing regular expressions. If an application using ICU processed\r\ncrafted data, an attacker could cause it to crash or potentially execute\r\narbitrary code with the privileges of the user invoking the program.\r\n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\r\n\r\nIt was discovered that ICU collator implementation incorrectly handled\r\nmemory operations. If an application using ICU processed crafted data, an\r\nattacker could cause it to crash or potentially execute arbitrary code with\r\nthe privileges of the user invoking the program. (CVE-2014-7940)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libicu52 52.1-6ubuntu0.2\r\n\r\nUbuntu 14.04 LTS:\r\n libicu52 52.1-3ubuntu0.2\r\n\r\nUbuntu 12.04 LTS:\r\n libicu48 4.8.1.1-3ubuntu0.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2522-1\r\n CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419,\r\n CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926,\r\n CVE-2014-7940, CVE-2014-9654\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/icu/4.8.1.1-3ubuntu0.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:DOC:31765", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31765", "title": "[USN-2522-1] ICU vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2015-03-07T00:00:00", "published": "2015-03-07T00:00:00", "id": "SECURITYVULNS:VULN:14291", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14291", "title": "libicu multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:20:45", "bulletinFamily": "scanner", "description": "Several memory corruption bugs were discovered in ICU. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7923, CVE-2014-7926)\n\nA use-after-free was discovered in the IndexedDB implementation. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-7924)\n\nA use-after free was discovered in the WebAudio implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2014-7925)\n\nSeveral memory corruption bugs were discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)\n\nSeveral use-after free bugs were discovered in the DOM implementation\nin Blink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2014-7929,\nCVE-2014-7930, CVE-2014-7932, CVE-2014-7934)\n\nA use-after free was discovered in FFmpeg. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7933)\n\nMultiple off-by-one errors were discovered in FFmpeg. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7937)\n\nA memory corruption bug was discovered in the fonts implementation. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash or execute arbitrary code with the privileges of\nthe sandboxed render process. (CVE-2014-7938)\n\nIt was discovered that ICU did not initialize memory for a data\nstructure correctly. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-7940)\n\nIt was discovered that the fonts implementation did not initialize\nmemory for a data structure correctly. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7942)\n\nAn out-of-bounds read was discovered in Skia. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7943)\n\nAn out-of-bounds read was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7946)\n\nIt was discovered that the AppCache proceeded with caching for SSL\nsessions even if there is a certificate error. A remote attacker could\npotentially exploit this by conducting a MITM attack to modify HTML\napplication content. (CVE-2014-7948)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1205)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1346).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2015-01-27T00:00:00", "id": "UBUNTU_USN-2476-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81016", "title": "Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2476-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2476-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81016);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7940\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7946\", \"CVE-2014-7948\", \"CVE-2015-1205\", \"CVE-2015-1346\");\n script_bugtraq_id(72288);\n script_xref(name:\"USN\", value:\"2476-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2476-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several memory corruption bugs were discovered in ICU. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7923, CVE-2014-7926)\n\nA use-after-free was discovered in the IndexedDB implementation. If a\nuser were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-7924)\n\nA use-after free was discovered in the WebAudio implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2014-7925)\n\nSeveral memory corruption bugs were discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)\n\nSeveral use-after free bugs were discovered in the DOM implementation\nin Blink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2014-7929,\nCVE-2014-7930, CVE-2014-7932, CVE-2014-7934)\n\nA use-after free was discovered in FFmpeg. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7933)\n\nMultiple off-by-one errors were discovered in FFmpeg. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7937)\n\nA memory corruption bug was discovered in the fonts implementation. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash or execute arbitrary code with the privileges of\nthe sandboxed render process. (CVE-2014-7938)\n\nIt was discovered that ICU did not initialize memory for a data\nstructure correctly. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-7940)\n\nIt was discovered that the fonts implementation did not initialize\nmemory for a data structure correctly. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7942)\n\nAn out-of-bounds read was discovered in Skia. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7943)\n\nAn out-of-bounds read was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7946)\n\nIt was discovered that the AppCache proceeded with caching for SSL\nsessions even if there is a certificate error. A remote attacker could\npotentially exploit this by conducting a MITM attack to modify HTML\napplication content. (CVE-2014-7948)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1205)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1346).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2476-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.4.2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.4.2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.4.2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.4.2-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs\", pkgver:\"1.4.2-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.4.2-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:46", "bulletinFamily": "scanner", "description": "Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7923, CVE-2014-7924, CVE-2014-7925,\nCVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929,\nCVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933,\nCVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937,\nCVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941,\nCVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945,\nCVE-2014-7946, CVE-2014-7947, CVE-2014-7948)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 40.0.2214.91, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.", "modified": "2018-12-20T00:00:00", "published": "2015-01-28T00:00:00", "id": "REDHAT-RHSA-2015-0093.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81035", "title": "RHEL 6 : chromium-browser (RHSA-2015:0093)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0093. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81035);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2015-1346\");\n script_bugtraq_id(72288);\n script_xref(name:\"RHSA\", value:\"2015:0093\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:0093)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7923, CVE-2014-7924, CVE-2014-7925,\nCVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929,\nCVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933,\nCVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937,\nCVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941,\nCVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945,\nCVE-2014-7946, CVE-2014-7947, CVE-2014-7948)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 40.0.2214.91, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # http://googlechromereleases.blogspot.com/2015/01/stable-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/01/stable-update.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7932\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0093\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-40.0.2214.91-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-40.0.2214.91-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-40.0.2214.91-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-40.0.2214.91-1.el6_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:42", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n62 security fixes in this release, including :\n\n- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to\nyangdingning.\n\n- [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to\nCollin Payne.\n\n- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to\nmark.buer.\n\n- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to\nyangdingning.\n\n- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to\nChristian Holler.\n\n- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to\nChristian Holler.\n\n- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to\ncloudfuzzer.\n\n- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte\nKettunen of OUSPG.\n\n- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to\naohelin.\n\n- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to\nKhalil Zhani.\n\n- [428561] High CVE-2014-7936: Use-after-free in Views. Credit to\nChristoph Diehl.\n\n- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to\nAtte Kettunen of OUSPG.\n\n- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to\nAtte Kettunen of OUSPG.\n\n- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to\nTakeshi Terada.\n\n- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to\nmiaubiz.\n\n- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to\nAtte Kettunen of OUSPG and Christoph Diehl.\n\n- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit\nto miaubiz.\n\n- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to\nAtte Kettunen of OUSPG.\n\n- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit\nto cloudfuzzer.\n\n- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit\nto cloudfuzzer.\n\n- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit\nto miaubiz.\n\n- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit\nto fuzztercluck.\n\n- [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to\njiayaoqijia.\n\n- [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch\n(currently 3.30.33.15).", "modified": "2018-12-19T00:00:00", "published": "2015-01-22T00:00:00", "id": "FREEBSD_PKG_E30E0C99A1B711E4B85C00262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80898", "title": "FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80898);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2015-1205\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n62 security fixes in this release, including :\n\n- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to\nyangdingning.\n\n- [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to\nCollin Payne.\n\n- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to\nmark.buer.\n\n- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to\nyangdingning.\n\n- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to\nChristian Holler.\n\n- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to\nChristian Holler.\n\n- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to\ncloudfuzzer.\n\n- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte\nKettunen of OUSPG.\n\n- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to\naohelin.\n\n- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to\ncloudfuzzer.\n\n- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to\nKhalil Zhani.\n\n- [428561] High CVE-2014-7936: Use-after-free in Views. Credit to\nChristoph Diehl.\n\n- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to\nAtte Kettunen of OUSPG.\n\n- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to\nAtte Kettunen of OUSPG.\n\n- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to\nTakeshi Terada.\n\n- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to\nmiaubiz.\n\n- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to\nAtte Kettunen of OUSPG and Christoph Diehl.\n\n- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit\nto miaubiz.\n\n- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to\nAtte Kettunen of OUSPG.\n\n- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit\nto cloudfuzzer.\n\n- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit\nto cloudfuzzer.\n\n- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit\nto miaubiz.\n\n- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit\nto fuzztercluck.\n\n- [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to\njiayaoqijia.\n\n- [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch\n(currently 3.30.33.15).\"\n );\n # http://googlechromereleases.blogspot.nl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/e30e0c99-a1b7-11e4-b85c-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dc2ca63\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<40.0.2214.91\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<40.0.2214.91\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:58", "bulletinFamily": "scanner", "description": "chromium was updated to version 40.0.2214.111 to fix 31\nvulnerabilities.\n\nThese security issues were fixed :\n\n - CVE-2015-1209: Use-after-free in DOM (bnc#916841).\n\n - CVE-2015-1210: Cross-origin-bypass in V8 bindings\n (bnc#916843).\n\n - CVE-2015-1211: Privilege escalation using service\n workers (bnc#916838).\n\n - CVE-2015-1212: Various fixes from internal audits,\n fuzzing and other initiatives (bnc#916840).\n\n - CVE-2014-7923: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468).\n\n - CVE-2014-7925: Use-after-free in WebAudio (bnc#914468).\n\n - CVE-2014-7926: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7927: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7928: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7930: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7931: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7929: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7932: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7934: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7935: Use-after-free in Speech (bnc#914468).\n\n - CVE-2014-7936: Use-after-free in Views (bnc#914468).\n\n - CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7938: Memory corruption in Fonts (bnc#914468).\n\n - CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468).\n\n - CVE-2014-7940: Uninitialized-value in ICU (bnc#914468).\n\n - CVE-2014-7941: Out-of-bounds read in UI (bnc#914468).\n\n - CVE-2014-7942: Uninitialized-value in Fonts\n (bnc#914468).\n\n - CVE-2014-7943: Out-of-bounds read in Skia\n\n - CVE-2014-7944: Out-of-bounds read in PDFium\n\n - CVE-2014-7945: Out-of-bounds read in PDFium\n\n - CVE-2014-7946: Out-of-bounds read in Fonts\n\n - CVE-2014-7947: Out-of-bounds read in PDFium\n\n - CVE-2014-7948: Caching error in AppCache\n\n - CVE-2015-1205: Various fixes from internal audits,\n fuzzing and other initiatives\n\nThese non-security issues were fixed :\n\n - Fix using 'echo' command in chromium-browser.sh script", "modified": "2015-04-11T00:00:00", "published": "2015-03-09T00:00:00", "id": "OPENSUSE-2015-204.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81692", "title": "openSUSE Security Update : chromium (openSUSE-2015-204)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-204.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81692);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/04/11 15:46:02 $\");\n\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2015-1205\", \"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2015-204)\");\n script_summary(english:\"Check for the openSUSE-2015-204 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"chromium was updated to version 40.0.2214.111 to fix 31\nvulnerabilities.\n\nThese security issues were fixed :\n\n - CVE-2015-1209: Use-after-free in DOM (bnc#916841).\n\n - CVE-2015-1210: Cross-origin-bypass in V8 bindings\n (bnc#916843).\n\n - CVE-2015-1211: Privilege escalation using service\n workers (bnc#916838).\n\n - CVE-2015-1212: Various fixes from internal audits,\n fuzzing and other initiatives (bnc#916840).\n\n - CVE-2014-7923: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468).\n\n - CVE-2014-7925: Use-after-free in WebAudio (bnc#914468).\n\n - CVE-2014-7926: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7927: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7928: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7930: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7931: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7929: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7932: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7934: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7935: Use-after-free in Speech (bnc#914468).\n\n - CVE-2014-7936: Use-after-free in Views (bnc#914468).\n\n - CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7938: Memory corruption in Fonts (bnc#914468).\n\n - CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468).\n\n - CVE-2014-7940: Uninitialized-value in ICU (bnc#914468).\n\n - CVE-2014-7941: Out-of-bounds read in UI (bnc#914468).\n\n - CVE-2014-7942: Uninitialized-value in Fonts\n (bnc#914468).\n\n - CVE-2014-7943: Out-of-bounds read in Skia\n\n - CVE-2014-7944: Out-of-bounds read in PDFium\n\n - CVE-2014-7945: Out-of-bounds read in PDFium\n\n - CVE-2014-7946: Out-of-bounds read in Fonts\n\n - CVE-2014-7947: Out-of-bounds read in PDFium\n\n - CVE-2014-7948: Caching error in AppCache\n\n - CVE-2015-1205: Various fixes from internal audits,\n fuzzing and other initiatives\n\nThese non-security issues were fixed :\n\n - Fix using 'echo' command in chromium-browser.sh script\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916843\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-40.0.2214.111-68.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-40.0.2214.111-13.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-40.0.2214.111-13.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:44", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is a\nversion prior to 40.0.2214.91. It is, therefore, affected by\nvulnerabilities in the following components :\n\n - AppCache\n - DOM\n - FFmpeg\n - Fonts\n - ICU\n - IndexedDB\n - PDFium\n - Skia\n - Speech\n - UI\n - V8\n - Views\n - WebAudio", "modified": "2018-07-12T00:00:00", "published": "2015-01-23T00:00:00", "id": "GOOGLE_CHROME_40_0_2214_91.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80951", "title": "Google Chrome < 40.0.2214.91 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80951);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2014-7923\",\n \"CVE-2014-7924\",\n \"CVE-2014-7925\",\n \"CVE-2014-7926\",\n \"CVE-2014-7927\",\n \"CVE-2014-7928\",\n \"CVE-2014-7929\",\n \"CVE-2014-7930\",\n \"CVE-2014-7931\",\n \"CVE-2014-7932\",\n \"CVE-2014-7933\",\n \"CVE-2014-7934\",\n \"CVE-2014-7935\",\n \"CVE-2014-7936\",\n \"CVE-2014-7937\",\n \"CVE-2014-7938\",\n \"CVE-2014-7939\",\n \"CVE-2014-7940\",\n \"CVE-2014-7941\",\n \"CVE-2014-7942\",\n \"CVE-2014-7943\",\n \"CVE-2014-7944\",\n \"CVE-2014-7945\",\n \"CVE-2014-7946\",\n \"CVE-2014-7947\",\n \"CVE-2014-7948\",\n \"CVE-2015-1205\",\n \"CVE-2015-1346\",\n \"CVE-2015-1359\",\n \"CVE-2015-1360\"\n );\n script_bugtraq_id(72288, 72858, 73076, 73077);\n\n script_name(english:\"Google Chrome < 40.0.2214.91 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is a\nversion prior to 40.0.2214.91. It is, therefore, affected by\nvulnerabilities in the following components :\n\n - AppCache\n - DOM\n - FFmpeg\n - Fonts\n - ICU\n - IndexedDB\n - PDFium\n - Skia\n - Speech\n - UI\n - V8\n - Views\n - WebAudio\");\n script_set_attribute(attribute:\"see_also\", value:\"http://googlechromereleases.blogspot.com/2015/01/stable-update.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 40.0.2214.91 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'40.0.2214.91', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:44", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 40.0.2214.91. It is, therefore, affected by\nvulnerabilities in the following components :\n\n - AppCache\n - DOM\n - FFmpeg\n - Fonts\n - ICU\n - IndexedDB\n - PDFium\n - Skia\n - Speech\n - UI\n - V8\n - Views\n - WebAudio", "modified": "2018-07-14T00:00:00", "published": "2015-01-23T00:00:00", "id": "MACOSX_GOOGLE_CHROME_40_0_2214_91.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80950", "title": "Google Chrome < 40.0.2214.91 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80950);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-7923\",\n \"CVE-2014-7924\",\n \"CVE-2014-7925\",\n \"CVE-2014-7926\",\n \"CVE-2014-7927\",\n \"CVE-2014-7928\",\n \"CVE-2014-7929\",\n \"CVE-2014-7930\",\n \"CVE-2014-7931\",\n \"CVE-2014-7932\",\n \"CVE-2014-7933\",\n \"CVE-2014-7934\",\n \"CVE-2014-7935\",\n \"CVE-2014-7936\",\n \"CVE-2014-7937\",\n \"CVE-2014-7938\",\n \"CVE-2014-7939\",\n \"CVE-2014-7940\",\n \"CVE-2014-7941\",\n \"CVE-2014-7942\",\n \"CVE-2014-7943\",\n \"CVE-2014-7944\",\n \"CVE-2014-7945\",\n \"CVE-2014-7946\",\n \"CVE-2014-7947\",\n \"CVE-2014-7948\",\n \"CVE-2015-1205\",\n \"CVE-2015-1359\",\n \"CVE-2015-1360\"\n );\n script_bugtraq_id(72288, 73076, 73077);\n\n script_name(english:\"Google Chrome < 40.0.2214.91 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 40.0.2214.91. It is, therefore, affected by\nvulnerabilities in the following components :\n\n - AppCache\n - DOM\n - FFmpeg\n - Fonts\n - ICU\n - IndexedDB\n - PDFium\n - Skia\n - Speech\n - UI\n - V8\n - Views\n - WebAudio\");\n script_set_attribute(attribute:\"see_also\", value:\"http://googlechromereleases.blogspot.com/2015/01/stable-update.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Google Chrome 40.0.2214.91 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'40.0.2214.91', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:52", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201502-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\nImpact :\n\n A remote attacker may be able to cause a Denial of Service condition,\n gain privileges via a filesystem: URI, or have other unspecified impact.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "published": "2015-02-18T00:00:00", "id": "GENTOO_GLSA-201502-13.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81396", "title": "GLSA-201502-13 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81396);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2014-9646\", \"CVE-2014-9647\", \"CVE-2014-9648\", \"CVE-2015-1205\", \"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\", \"CVE-2015-1346\", \"CVE-2015-1359\", \"CVE-2015-1360\", \"CVE-2015-1361\");\n script_xref(name:\"GLSA\", value:\"201502-13\");\n\n script_name(english:\"GLSA-201502-13 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to cause a Denial of Service condition,\n gain privileges via a filesystem: URI, or have other unspecified impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-40.0.2214.111'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 40.0.2214.111\"), vulnerable:make_list(\"lt 40.0.2214.111\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:50", "bulletinFamily": "scanner", "description": "Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211,\nCVE-2015-1212)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 40.0.2214.111, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.", "modified": "2018-11-10T00:00:00", "published": "2015-02-11T00:00:00", "id": "REDHAT-RHSA-2015-0163.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81290", "title": "RHEL 6 : chromium-browser (RHSA-2015:0163)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0163. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81290);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n script_bugtraq_id(72497);\n script_xref(name:\"RHSA\", value:\"2015:0163\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:0163)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211,\nCVE-2015-1212)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 40.0.2214.111, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9661eacd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1209\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0163\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-40.0.2214.111-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-40.0.2214.111-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-40.0.2214.111-1.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-40.0.2214.111-1.el6_6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:50", "bulletinFamily": "scanner", "description": "A use-after-free bug was discovered in the DOM implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1209)\n\nIt was discovered that V8 did not properly consider frame access\nrestrictions when throwing exceptions in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same origin restrictions.\n(CVE-2015-1210)\n\nIt was discovered that Chromium did not properly restrict the URI\nscheme during ServiceWorker registration. If a user were tricked in to\ndownloading and opening a specially crafted HTML file, an attacker\ncould potentially exploit this to bypass security restrictions.\n(CVE-2015-1211)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1212).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2015-02-11T00:00:00", "id": "UBUNTU_USN-2495-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81296", "title": "Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2495-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2495-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81296);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n script_bugtraq_id(72497);\n script_xref(name:\"USN\", value:\"2495-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2495-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free bug was discovered in the DOM implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1209)\n\nIt was discovered that V8 did not properly consider frame access\nrestrictions when throwing exceptions in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to bypass same origin restrictions.\n(CVE-2015-1210)\n\nIt was discovered that Chromium did not properly restrict the URI\nscheme during ServiceWorker registration. If a user were tricked in to\ndownloading and opening a specially crafted HTML file, an attacker\ncould potentially exploit this to bypass security restrictions.\n(CVE-2015-1211)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1212).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2495-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.4.3-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.4.3-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.4.3-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.4.3-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs\", pkgver:\"1.4.3-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.4.3-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:20:49", "bulletinFamily": "scanner", "description": "Chrome Releases reports :\n\n11 security fixes in this release, including :\n\n- [447906] High CVE-2015-1209: Use-after-free in DOM. Credit to\nMaksymillian.\n\n- [453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings.\nCredit to anonymous.\n\n- [453982] High CVE-2015-1211: Privilege escalation using service\nworkers. Credit to anonymous.\n\n- [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing\nand other initiatives.", "modified": "2018-12-19T00:00:00", "published": "2015-02-09T00:00:00", "id": "FREEBSD_PKG_A6EB239FADBE11E49FCE080027593B9A.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81223", "title": "FreeBSD : chromium -- multiple vulnerabilities (a6eb239f-adbe-11e4-9fce-080027593b9a)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81223);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a6eb239f-adbe-11e4-9fce-080027593b9a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chrome Releases reports :\n\n11 security fixes in this release, including :\n\n- [447906] High CVE-2015-1209: Use-after-free in DOM. Credit to\nMaksymillian.\n\n- [453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings.\nCredit to anonymous.\n\n- [453982] High CVE-2015-1211: Privilege escalation using service\nworkers. Credit to anonymous.\n\n- [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # http://googlechromereleases.blogspot.nl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/\"\n );\n # https://vuxml.freebsd.org/freebsd/a6eb239f-adbe-11e4-9fce-080027593b9a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1eb691a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<40.0.2214.111\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<40.0.2214.111\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:02:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310842073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842073", "title": "Ubuntu Update for oxide-qt USN-2476-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2476-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842073\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 05:50:26 +0100 (Tue, 27 Jan 2015)\");\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7926\", \"CVE-2014-7924\", \"CVE-2014-7925\",\n \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7931\", \"CVE-2014-7929\",\n \"CVE-2014-7930\", \"CVE-2014-7932\", \"CVE-2014-7934\", \"CVE-2014-7933\",\n \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7940\", \"CVE-2014-7942\",\n \"CVE-2014-7943\", \"CVE-2014-7946\", \"CVE-2014-7948\", \"CVE-2015-1205\",\n \"CVE-2015-1346\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for oxide-qt USN-2476-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Several memory corruption bugs were discovered\nin ICU. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7923, CVE-2014-7926)\n\nA use-after-free was discovered in the IndexedDB implementation. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2014-7924)\n\nA use-after free was discovered in the WebAudio implementation in Blink.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-7925)\n\nSeveral memory corruption bugs were discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer crash\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)\n\nSeveral use-after free bugs were discovered in the DOM implementation in\nBlink. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia renderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932,\nCVE-2014-7934)\n\nA use-after free was discovered in FFmpeg. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-7933)\n\nMultiple off-by-one errors were discovered in FFmpeg. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7937)\n\nA memory corruption bug was discovered in the fonts implementation. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7938)\n\nIt w ..\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2476-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2476-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.4.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.4.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:01:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-03-06T00:00:00", "id": "OPENVAS:1361412562310850639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850639", "title": "SuSE Update for chromium openSUSE-SU-2015:0441-1 (chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0441_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for chromium openSUSE-SU-2015:0441-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850639\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-06 14:17:10 +0100 (Fri, 06 Mar 2015)\");\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2015-1205\", \"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2015:0441-1 (chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities.\n\n These security issues were fixed:\n\n - CVE-2015-1209: Use-after-free in DOM (bnc#916841).\n\n - CVE-2015-1210: Cross-origin-bypass in V8 bindings (bnc#916843).\n\n - CVE-2015-1211: Privilege escalation using service workers (bnc#916838).\n\n - CVE-2015-1212: Various fixes from internal audits, fuzzing and other\n initiatives (bnc#916840).\n\n - CVE-2014-7923: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468).\n\n - CVE-2014-7925: Use-after-free in WebAudio (bnc#914468).\n\n - CVE-2014-7926: Memory corruption in ICU (bnc#914468).\n\n - CVE-2014-7927: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7928: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7930: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7931: Memory corruption in V8 (bnc#914468).\n\n - CVE-2014-7929: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7932: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7934: Use-after-free in DOM (bnc#914468).\n\n - CVE-2014-7935: Use-after-free in Speech (bnc#914468).\n\n - CVE-2014-7936: Use-after-free in Views (bnc#914468).\n\n - CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468).\n\n - CVE-2014-7938: Memory corruption in Fonts (bnc#914468).\n\n - CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468).\n\n - CVE-2014-7940: Uninitialized-value in ICU (bnc#914468).\n\n - CVE-2014-7941: Out-of-bounds read in UI (bnc#914468).\n\n - CVE-2014-7942: Uninitialized-value in Fonts (bnc#914468).\n\n - CVE-2014-7943: Out-of-bounds read in Skia\n\n - CVE-2014-7944: Out-of-bounds read in PDFium\n\n - CVE-2014-7945: Out-of-bounds read in PDFium\n\n - CVE-2014-7946: Out-of-bounds read in Fonts\n\n - CVE-2014-7947: Out-of-bounds read in PDFium\n\n - CVE-2014-7948: Caching error in AppCache\n\n - CVE-2015-1205: Various fixes from internal audits, fuzzing and other\n initiatives\n\n These non-security issues were fixed:\n\n - Fix using 'echo' command in chromium-browser.sh script\");\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0441_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~40.0.2214.111~68.2\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:38:11", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805421", "title": "Google Chrome Multiple Vulnerabilities -02 Jan15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities -02 Jan15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805421\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1346\", \"CVE-2015-1205\", \"CVE-2014-7948\", \"CVE-2014-7947\",\n \"CVE-2014-7946\", \"CVE-2014-7945\", \"CVE-2014-7944\", \"CVE-2014-7943\",\n \"CVE-2014-7942\", \"CVE-2014-7941\", \"CVE-2014-7940\", \"CVE-2014-7939\",\n \"CVE-2014-7938\", \"CVE-2014-7937\", \"CVE-2014-7936\", \"CVE-2014-7935\",\n \"CVE-2014-7934\", \"CVE-2014-7933\", \"CVE-2014-7932\", \"CVE-2014-7931\",\n \"CVE-2014-7930\", \"CVE-2014-7929\", \"CVE-2014-7928\", \"CVE-2014-7927\",\n \"CVE-2014-7926\", \"CVE-2014-7925\", \"CVE-2014-7924\", \"CVE-2014-7923\",\n \"CVE-2014-9648\", \"CVE-2014-9647\", \"CVE-2014-9646\", \"CVE-2015-1361\",\n \"CVE-2015-1360\", \"CVE-2015-1359\", \"CVE-2015-1248\", \"CVE-2014-9654\");\n script_bugtraq_id(72288);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 17:11:51 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities -02 Jan15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For more details\n about the vulnerabilities, refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service attack, man-in-the-middle attack, bypass\n certain security restrictions and compromise a user's system, bypass the\n SafeBrowsing or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.91 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.91 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62383\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/chromium/issues/detail?id=380663\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/01/stable-update.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nchr_ver = infos['version'];\nchrPath = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"40.0.2214.91\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"40.0.2214.91\", install_path:chrPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:39:36", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805423", "title": "Google Chrome Multiple Vulnerabilities -02 Jan15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan15_lin.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities -02 Jan15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805423\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1346\", \"CVE-2015-1205\", \"CVE-2014-7948\", \"CVE-2014-7947\",\n \"CVE-2014-7946\", \"CVE-2014-7945\", \"CVE-2014-7944\", \"CVE-2014-7943\",\n \"CVE-2014-7942\", \"CVE-2014-7941\", \"CVE-2014-7940\", \"CVE-2014-7939\",\n \"CVE-2014-7938\", \"CVE-2014-7937\", \"CVE-2014-7936\", \"CVE-2014-7935\",\n \"CVE-2014-7934\", \"CVE-2014-7933\", \"CVE-2014-7932\", \"CVE-2014-7931\",\n \"CVE-2014-7930\", \"CVE-2014-7929\", \"CVE-2014-7928\", \"CVE-2014-7927\",\n \"CVE-2014-7926\", \"CVE-2014-7925\", \"CVE-2014-7924\", \"CVE-2014-7923\",\n \"CVE-2014-9648\", \"CVE-2014-9647\", \"CVE-2014-9646\", \"CVE-2015-1361\",\n \"CVE-2015-1360\", \"CVE-2015-1359\", \"CVE-2015-1248\", \"CVE-2014-9654\");\n script_bugtraq_id(72288);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 17:11:51 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities -02 Jan15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For more details\n about the vulnerabilities, refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service attack, man-in-the-middle attack, bypass\n certain security restrictions and compromise a user's system, bypass the\n SafeBrowsing or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.91 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.91 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62383\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/chromium/issues/detail?id=380663\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/01/stable-update.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nchr_ver = infos['version'];\nchrPath = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"40.0.2214.91\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"40.0.2214.91\", install_path:chrPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:38:05", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805422", "title": "Google Chrome Multiple Vulnerabilities -02 Jan15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln02_jan15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities -02 Jan15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805422\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1346\", \"CVE-2015-1205\", \"CVE-2014-7948\", \"CVE-2014-7947\",\n \"CVE-2014-7946\", \"CVE-2014-7945\", \"CVE-2014-7944\", \"CVE-2014-7943\",\n \"CVE-2014-7942\", \"CVE-2014-7941\", \"CVE-2014-7940\", \"CVE-2014-7939\",\n \"CVE-2014-7938\", \"CVE-2014-7937\", \"CVE-2014-7936\", \"CVE-2014-7935\",\n \"CVE-2014-7934\", \"CVE-2014-7933\", \"CVE-2014-7932\", \"CVE-2014-7931\",\n \"CVE-2014-7930\", \"CVE-2014-7929\", \"CVE-2014-7928\", \"CVE-2014-7927\",\n \"CVE-2014-7926\", \"CVE-2014-7925\", \"CVE-2014-7924\", \"CVE-2014-7923\",\n \"CVE-2014-9648\", \"CVE-2014-9647\", \"CVE-2014-9646\", \"CVE-2015-1361\",\n \"CVE-2015-1360\", \"CVE-2015-1359\", \"CVE-2015-1248\", \"CVE-2014-9654\");\n script_bugtraq_id(72288);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 17:11:51 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Google Chrome Multiple Vulnerabilities -02 Jan15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For more details\n about the vulnerabilities, refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service attack, man-in-the-middle attack, bypass\n certain security restrictions and compromise a user's system, bypass the\n SafeBrowsing or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.91 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.91 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62383\");\n script_xref(name:\"URL\", value:\"https://code.google.com/p/chromium/issues/detail?id=380663\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/01/stable-update.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nchr_ver = infos['version'];\nchrPath = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"40.0.2214.91\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"40.0.2214.91\", install_path:chrPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:40:21", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201502-13", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121352", "title": "Gentoo Security Advisory GLSA 201502-13", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-13.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121352\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:34 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-13\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-13\");\n script_cve_id(\"CVE-2014-7923\", \"CVE-2014-7924\", \"CVE-2014-7925\", \"CVE-2014-7926\", \"CVE-2014-7927\", \"CVE-2014-7928\", \"CVE-2014-7929\", \"CVE-2014-7930\", \"CVE-2014-7931\", \"CVE-2014-7932\", \"CVE-2014-7933\", \"CVE-2014-7934\", \"CVE-2014-7935\", \"CVE-2014-7936\", \"CVE-2014-7937\", \"CVE-2014-7938\", \"CVE-2014-7939\", \"CVE-2014-7940\", \"CVE-2014-7941\", \"CVE-2014-7942\", \"CVE-2014-7943\", \"CVE-2014-7944\", \"CVE-2014-7945\", \"CVE-2014-7946\", \"CVE-2014-7947\", \"CVE-2014-7948\", \"CVE-2014-9646\", \"CVE-2014-9647\", \"CVE-2014-9648\", \"CVE-2015-1205\", \"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\", \"CVE-2015-1346\", \"CVE-2015-1359\", \"CVE-2015-1360\", \"CVE-2015-1361\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-13\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 40.0.2214.111\"), vulnerable: make_list(\"lt 40.0.2214.111\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:40:08", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-01-02T00:00:00", "id": "OPENVAS:1361412562310805456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805456", "title": "Google Chrome Multiple Vulnerabilities-01 Feb15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_feb15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-01 Feb15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805456\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1212\", \"CVE-2015-1211\", \"CVE-2015-1210\", \"CVE-2015-1209\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-02 12:58:34 +0530 (Fri, 02 Jan 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Feb15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple unspecified vulnerabilities in Google Chrome.\n\n - The 'OriginCanAccessServiceWorkers' function in\n content/browser/service_worker/service_worker_dispatcher_host.cc script\n does not properly restrict the URI scheme during a ServiceWorker registration.\n\n - The 'V8ThrowException::createDOMException' function in\n bindings/core/v8/V8ThrowException.cpp script in the V8 bindings in Blink does\n not properly consider frame access restrictions during the throwing of an\n exception.\n\n - A use-after-free flaw in the 'VisibleSelection::nonBoundaryShadowTreeRootNode'\n function in editing/VisibleSelection.cpp script is triggered when a selection's\n anchor is a shadow root.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers gain elevated privileges, bypass cross-origin policies, to cause a\n denial of service or possibly have unspecified other impact via different\n crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.111 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.111 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/02/stable-update.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"40.0.2214.111\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 40.0.2214.111' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:39:23", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-02-10T00:00:00", "id": "OPENVAS:1361412562310805449", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805449", "title": "Google Chrome Multiple Vulnerabilities-01 Feb15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_feb15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-01 Feb15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805449\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1212\", \"CVE-2015-1211\", \"CVE-2015-1210\", \"CVE-2015-1209\");\n script_bugtraq_id(72497);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-10 18:10:13 +0530 (Tue, 10 Feb 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Feb15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple unspecified vulnerabilities in Google Chrome.\n\n - The 'OriginCanAccessServiceWorkers' function in\n content/browser/service_worker/service_worker_dispatcher_host.cc script\n does not properly restrict the URI scheme during a ServiceWorker\n registration.\n\n - The 'V8ThrowException::createDOMException' function in\n bindings/core/v8/V8ThrowException.cpp script in the V8 bindings in Blink\n does not properly consider frame access restrictions during the throwing\n of an exception.\n\n - A use-after-free flaw in the 'VisibleSelection::nonBoundaryShadowTreeRootNode'\n function in editing/VisibleSelection.cpp script is triggered when a selection's\n anchor is a shadow root\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers gain elevated privileges, bypass cross-origin policies, to cause a\n denial of service or possibly have unspecified other impact via different\n crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.111 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.111 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/02/stable-update.html\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"40.0.2214.111\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 40.0.2214.111' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:38:03", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2015-02-10T00:00:00", "id": "OPENVAS:1361412562310805450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805450", "title": "Google Chrome Multiple Vulnerabilities-01 Feb15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_feb15_lin.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Google Chrome Multiple Vulnerabilities-01 Feb15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805450\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-1212\", \"CVE-2015-1211\", \"CVE-2015-1210\", \"CVE-2015-1209\");\n script_bugtraq_id(72497);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-10 18:17:50 +0530 (Tue, 10 Feb 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 Feb15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple unspecified vulnerabilities in Google Chrome.\n\n - The 'OriginCanAccessServiceWorkers' function in\n content/browser/service_worker/service_worker_dispatcher_host.cc script\n does not properly restrict the URI scheme during a ServiceWorker registration.\n\n - The 'V8ThrowException::createDOMException' function in\n bindings/core/v8/V8ThrowException.cpp script in the V8 bindings in Blink does\n not properly consider frame access restrictions during the throwing of an\n exception.\n\n - A use-after-free flaw in the 'VisibleSelection::nonBoundaryShadowTreeRootNode'\n function in editing/VisibleSelection.cpp script is triggered when a selection's\n anchor is a shadow root\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers gain elevated privileges, bypass cross-origin policies, to cause a\n denial of service or possibly have unspecified other impact via different\n crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 40.0.2214.111 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 40.0.2214.111 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/02/stable-update.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"40.0.2214.112\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 40.0.2214.111' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:00:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-02-11T00:00:00", "id": "OPENVAS:1361412562310842090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842090", "title": "Ubuntu Update for oxide-qt USN-2495-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2495-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842090\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-11 05:39:51 +0100 (Wed, 11 Feb 2015)\");\n script_cve_id(\"CVE-2015-1209\", \"CVE-2015-1210\", \"CVE-2015-1211\", \"CVE-2015-1212\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for oxide-qt USN-2495-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A use-after-free bug was discovered in the\nDOM implementation in Blink. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a denial of\nservice via renderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-1209)\n\nIt was discovered that V8 did not properly consider frame access\nrestrictions when throwing exceptions in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2015-1210)\n\nIt was discovered that Chromium did not properly restrict the URI scheme\nduring ServiceWorker registration. If a user were tricked in to\ndownloading and opening a specially crafted HTML file, an attacker could\npotentially exploit this to bypass security restrictions. (CVE-2015-1211)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1212)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2495-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2495-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.4.3-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.4.3-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:25", "bulletinFamily": "unix", "description": "Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7923, CVE-2014-7926)\n\nA use-after-free was discovered in the IndexedDB implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7924)\n\nA use-after free was discovered in the WebAudio implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7925)\n\nSeveral memory corruption bugs were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)\n\nSeveral use-after free bugs were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)\n\nA use-after free was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7933)\n\nMultiple off-by-one errors were discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7937)\n\nA memory corruption bug was discovered in the fonts implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7938)\n\nIt was discovered that ICU did not initialize memory for a data structure correctly. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7940)\n\nIt was discovered that the fonts implementation did not initialize memory for a data structure correctly. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7942)\n\nAn out-of-bounds read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7943)\n\nAn out-of-bounds read was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7946)\n\nIt was discovered that the AppCache proceeded with caching for SSL sessions even if there is a certificate error. A remote attacker could potentially exploit this by conducting a MITM attack to modify HTML application content. (CVE-2014-7948)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1205)\n\nMultiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1346)", "modified": "2015-01-26T00:00:00", "published": "2015-01-26T00:00:00", "id": "USN-2476-1", "href": "https://usn.ubuntu.com/2476-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:27", "bulletinFamily": "unix", "description": "A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1209)\n\nIt was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-1210)\n\nIt was discovered that Chromium did not properly restrict the URI scheme during ServiceWorker registration. If a user were tricked in to downloading and opening a specially crafted HTML file, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1211)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1212)", "modified": "2015-02-10T00:00:00", "published": "2015-02-10T00:00:00", "id": "USN-2495-1", "href": "https://usn.ubuntu.com/2495-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:45", "bulletinFamily": "unix", "description": "USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have been temporarily backed out until the regression is investigated.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940)", "modified": "2015-03-06T00:00:00", "published": "2015-03-06T00:00:00", "id": "USN-2522-2", "href": "https://usn.ubuntu.com/2522-2/", "title": "ICU regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:55", "bulletinFamily": "unix", "description": "USN-2522-1 fixed vulnerabilities in ICU. On Ubuntu 12.04 LTS, the font patches caused a regression when using LibreOffice Calc. The patches have now been updated to fix the regression.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940)", "modified": "2015-03-10T00:00:00", "published": "2015-03-10T00:00:00", "id": "USN-2522-3", "href": "https://usn.ubuntu.com/2522-3/", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:23", "bulletinFamily": "unix", "description": "It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940)", "modified": "2015-03-05T00:00:00", "published": "2015-03-05T00:00:00", "id": "USN-2522-1", "href": "https://usn.ubuntu.com/2522-1/", "title": "ICU vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "description": "- CVE-2014-7923 (memory corruption)\nThe Regular Expressions package in International Components for Unicode\n(ICU) 52, allows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via vectors\nrelated to a (1) zero-length quantifier or (2) look-behind expression.\n\n- CVE-2014-7924 (use-after-free)\nUse-after-free vulnerability in the IndexedDB implementation allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact by triggering duplicate BLOB references.\n\n- CVE-2014-7925 (use-after-free)\nUse-after-free vulnerability in the WebAudio implementation in Blink\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger an audio-rendering\nthread in which AudioNode data is improperly maintained.\n\n- CVE-2014-7926 (memory corruption)\nThe Regular Expressions package in International Components for Unicode\n(ICU) 52 allows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via vectors\nrelated to a (1) zero-length quantifier or (2) look-behind expression, a\ndifferent vulnerability than CVE-2014-7923.\n\n- CVE-2014-7927 (memory corruption)\nThe SimplifiedLowering::DoLoadBuffer function in\ncompiler/simplified-lowering.cc in Google V8 does not properly choose an\ninteger data type, which allows remote attackers to cause a denial of\nservice (memory corruption) or possibly have unspecified other impact\nvia crafted JavaScript code.\n\n- CVE-2014-7928 (memory corruption)\nhydrogen.cc in Google V8 does not properly handle arrays with holes,\nwhich allows remote attackers to cause a denial of service (memory\ncorruption) or possibly have unspecified other impact via crafted\nJavaScript code that triggers an array copy.\n\n- CVE-2014-7930 (use-after-free)\nUse-after-free vulnerability in core/events/TreeScopeEventContext.cpp in\nthe DOM implementation in Blink allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via crafted\nJavaScript code that triggers improper maintenance of TreeScope data.\n\n- CVE-2014-7931 (memory corruption)\nfactory.cc in Google V8 allows remote attackers to cause a denial of\nservice (memory corruption) or possibly have unspecified other impact\nvia crafted JavaScript code that triggers improper maintenance of\nbacking-store pointers.\n\n- CVE-2014-7929 (use-after-free)\nUse-after-free vulnerability in the\nHTMLScriptElement::didMoveToNewDocument function in\ncore/html/HTMLScriptElement.cpp in the DOM implementation in Blink\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors involving movement of a SCRIPT\nelement across documents.\n\n- CVE-2014-7932 (use-after-free)\nUse-after-free vulnerability in the Element::detach function in\ncore/dom/Element.cpp in the DOM implementation in Blink allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via vectors involving pending updates of detached elements.\n\n- CVE-2014-7933 (use-after-free)\nUse-after-free vulnerability in the matroska_read_seek function in\nlibavformat/matroskadec.c in FFmpeg before 2.5.1 allows remote attackers\nto cause a denial of service or possibly have unspecified other impact\nvia a crafted Matroska file that triggers improper maintenance of tracks\ndata.\n\n- CVE-2014-7934 (use-after-free)\nUse-after-free vulnerability in the DOM implementation in Blink allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors related to unexpected absence of\ndocument data structures.\n\n- CVE-2014-7935 (use-after-free)\nUse-after-free vulnerability in browser/speech/tts_message_filter.cc in\nthe Speech implementation allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via vectors involving\nutterances from a closed tab.\n\n- CVE-2014-7936 (use-after-free)\nUse-after-free vulnerability in the ZoomBubbleView::Close function in\nbrowser/ui/views/location_bar/zoom_bubble_view.cc in the Views\nimplementation allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted document that\ntriggers improper maintenance of a zoom bubble.\n\n- CVE-2014-7937 (use-after-free)\nMultiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before\n2.4.2 allow remote attackers to cause a denial of service\n(use-after-free) or possibly have unspecified other impact via crafted\nVorbis I data.\n\n- CVE-2014-7938 (memory corruption)\nThe Fonts implementation allows remote attackers to cause a denial of\nservice (memory corruption) or possibly have unspecified other impact\nvia unknown vectors.\n\n- CVE-2014-7939 (same-origin bypass)\nWhen the Harmony proxy in Google V8 is enabled, allows remote attackers\nto bypass the Same Origin Policy via crafted JavaScript code with\nProxy.create and console.log calls, related to HTTP responses that lack\nan "X-Content-Type-Options: nosniff" header.\n\n- CVE-2014-7940 (uninitialized-value)\nThe collator implementation in i18n/ucol.cpp in International Components\nfor Unicode (ICU) 52 does not initialize memory for a data structure,\nwhich allows remote attackers to cause a denial of service or possibly\nhave unspecified other impact via a crafted character sequence.\n\n- CVE-2014-7941 (out-of-bounds read)\nThe SelectionOwner::ProcessTarget function in\nui/base/x/selection_owner.cc in the UI implementation uses an incorrect\ndata type for a certain length value, which allows remote attackers to\ncause a denial of service (out-of-bounds read) via crafted X11 data.\n\n- CVE-2014-7942 (uninitialized-value)\nThe Fonts implementation does not initialize memory for a data\nstructure, which allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors.\n\n- CVE-2014-7943 (out-of-bounds read)\nSkia allows remote attackers to cause a denial of service (out-of-bounds\nread) via unspecified vectors.\n\n- CVE-2014-7944 (out-of-bounds read)\nThe sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in\nPDFium does not properly handle odd values of image width, which allows\nremote attackers to cause a denial of service (out-of-bounds read) via a\ncrafted PDF document.\n\n- CVE-2014-7945 (out-of-bounds read)\nOpenJPEG before r2908, as used in PDFium, allows remote attackers to\ncause a denial of service (out-of-bounds read) via a crafted PDF\ndocument, related to j2k.c, jp2.c, and t2.c.\n\n- CVE-2014-7946 (out-of-bounds read)\nThe RenderTable::simplifiedNormalFlowLayout function in\ncore/rendering/RenderTable.cpp in Blink skips captions during table\nlayout in certain situations, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) via unspecified vectors related\nto the Fonts implementation.\n\n- CVE-2014-7947 (out-of-bounds read)\nOpenJPEG before r2944, as used in PDFium, allows remote attackers to\ncause a denial of service (out-of-bounds read) via a crafted PDF\ndocument, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.\n\n- CVE-2014-7948 (caching error)\nThe AppCacheUpdateJob::URLFetcher::OnResponseStarted function in\ncontent/browser/appcache/appcache_update_job.cc proceeds with AppCache\ncaching for SSL sessions even if there is an X.509 certificate error,\nwhich allows man-in-the-middle attackers to spoof HTML5 application\ncontent via a crafted certificate.\n\n- CVE-2015-1205 (denial of service)\nMultiple unspecified vulnerabilities allow attackers to cause a\ndenial-of-service or possibly have other impact via unknown vectors.", "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html", "id": "ASA-201501-21", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:39", "bulletinFamily": "unix", "description": "- CVE-2015-1209 (use-after-free)\n\nUse-after-free in DOM, possibly leading to arbitrary code execution.\nCredit to Maksymillian Motyl.\n\n- CVE-2015-1210 (cross-origin bypass)\n\nCross-origin-bypass in V8 bindings allows an attacker to bypass the\nsame-origin policy.\n\n- CVE-2015-1211 (privilege escalation)\n\nPrivilege escalation using service workers.\n\n- CVE-2015-1212\n\nVarious fixes from internal audits, fuzzing and other initiatives,\nfixing unspecified vulnerabilities not disclosed by upstream.", "modified": "2015-02-06T00:00:00", "published": "2015-02-06T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html", "id": "ASA-201502-5", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:45", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n62 security fixes in this release, including:\n\n[430353] High CVE-2014-7923: Memory corruption in ICU. Credit\n\t to yangdingning.\n[435880] High CVE-2014-7924: Use-after-free in IndexedDB.\n\t Credit to Collin Payne.\n[434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit\n\t to mark.buer.\n[422824] High CVE-2014-7926: Memory corruption in ICU. Credit\n\t to yangdingning.\n[444695] High CVE-2014-7927: Memory corruption in V8. Credit to\n\t Christian Holler.\n[435073] High CVE-2014-7928: Memory corruption in V8. Credit to\n\t Christian Holler.\n[442806] High CVE-2014-7930: Use-after-free in DOM. Credit to\n\t cloudfuzzer.\n[442710] High CVE-2014-7931: Memory corruption in V8. Credit to\n\t cloudfuzzer.\n[443115] High CVE-2014-7929: Use-after-free in DOM. Credit to\n\t cloudfuzzer.\n[429666] High CVE-2014-7932: Use-after-free in DOM. Credit to\n\t Atte Kettunen of OUSPG.\n[427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit\n\t to aohelin.\n[427249] High CVE-2014-7934: Use-after-free in DOM. Credit to\n\t cloudfuzzer.\n[402957] High CVE-2014-7935: Use-after-free in Speech. Credit\n\t to Khalil Zhani.\n[428561] High CVE-2014-7936: Use-after-free in Views. Credit\n\t to Christoph Diehl.\n[419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit\n\t to Atte Kettunen of OUSPG.\n[416323] High CVE-2014-7938: Memory corruption in Fonts. Credit\n\t to Atte Kettunen of OUSPG.\n[399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit\n\t to Takeshi Terada.\n[433866] Medium CVE-2014-7940: Uninitialized-value in ICU.\n\t Credit to miaubiz.\n[428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit\n\t to Atte Kettunen of OUSPG and Christoph Diehl.\n[426762] Medium CVE-2014-7942: Uninitialized-value in Fonts.\n\t Credit to miaubiz.\n[422492] Medium CVE-2014-7943: Out-of-bounds read in Skia.\n\t Credit to Atte Kettunen of OUSPG.\n[418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium.\n\t Credit to cloudfuzzer.\n[414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium.\n\t Credit to cloudfuzzer.\n[414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts.\n\t Credit to miaubiz.\n[430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium.\n\t Credit to fuzztercluck.\n[414026] Medium CVE-2014-7948: Caching error in AppCache.\n\t Credit to jiayaoqijia.\n[449894] CVE-2015-1205: Various fixes from internal audits,\n\t fuzzing and other initiatives.\nMultiple vulnerabilities in V8 fixed at the tip of the 3.30\n\t branch (currently 3.30.33.15).\n\n\n", "modified": "2015-01-21T00:00:00", "published": "2015-01-21T00:00:00", "id": "E30E0C99-A1B7-11E4-B85C-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/e30e0c99-a1b7-11e4-b85c-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:44", "bulletinFamily": "unix", "description": "\nChrome Releases reports:\n\n11 security fixes in this release, including:\n\n[447906] High CVE-2015-1209: Use-after-free in DOM. Credit to\n\t Maksymillian.\n[453979] High CVE-2015-1210: Cross-origin-bypass in V8\n\t bindings. Credit to anonymous.\n[453982] High CVE-2015-1211: Privilege escalation using service\n\t workers. Credit to anonymous.\n[455225] CVE-2015-1212: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n", "modified": "2015-02-05T00:00:00", "published": "2015-02-05T00:00:00", "id": "A6EB239F-ADBE-11E4-9FCE-080027593B9A", "href": "https://vuxml.freebsd.org/freebsd/a6eb239f-adbe-11e4-9fce-080027593b9a.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:14:44", "bulletinFamily": "unix", "description": "\nChrome Releases reports:\n\n51 security fixes in this release, including:\n\n[456516] High CVE-2015-1212: Out-of-bounds write in media.\n\t Credit to anonymous.\n[448423] High CVE-2015-1213: Out-of-bounds write in skia\n\t filters. Credit to cloudfuzzer.\n[445810] High CVE-2015-1214: Out-of-bounds write in skia\n\t filters. Credit to cloudfuzzer.\n[445809] High CVE-2015-1215: Out-of-bounds write in skia\n\t filters. Credit to cloudfuzzer.\n[454954] High CVE-2015-1216: Use-after-free in v8 bindings.\n\t Credit to anonymous.\n[456192] High CVE-2015-1217: Type confusion in v8 bindings.\n\t Credit to anonymous.\n[456059] High CVE-2015-1218: Use-after-free in dom.\n\t Credit to cloudfuzzer.\n[446164] High CVE-2015-1219: Integer overflow in webgl.\n\t Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.\n[437651] High CVE-2015-1220: Use-after-free in gif decoder.\n\t Credit to Aki Helin of OUSPG.\n[455368] High CVE-2015-1221: Use-after-free in web databases.\n\t Credit to Collin Payne.\n[448082] High CVE-2015-1222: Use-after-free in service workers.\n\t Credit to Collin Payne.\n[454231] High CVE-2015-1223: Use-after-free in dom.\n\t Credit to Maksymillian Motyl.\nHigh CVE-2015-1230: Type confusion in v8.\n\t Credit to Skylined working with HP's Zero Day Initiative.\n[449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder.\n\t Credit to Aki Helin of OUSPG.\n[446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium.\n\t Credit to cloudfuzzer.\n[456841] Medium CVE-2015-1226: Validation issue in debugger.\n\t Credit to Rob Wu.\n[450389] Medium CVE-2015-1227: Uninitialized value in blink.\n\t Credit to Christoph Diehl.\n[444707] Medium CVE-2015-1228: Uninitialized value in rendering.\n\t Credit to miaubiz.\n[431504] Medium CVE-2015-1229: Cookie injection via proxies.\n\t Credit to iliwoy.\n[463349] CVE-2015-1231: Various fixes from internal audits,\n\t fuzzing, and other initiatives.\n\n\n", "modified": "2015-03-03T00:00:00", "published": "2015-03-03T00:00:00", "id": "8505E013-C2B3-11E4-875D-000C6E25E3E9", "href": "https://vuxml.freebsd.org/freebsd/8505e013-c2b3-11e4-875d-000c6e25e3e9.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:48", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926,\nCVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931,\nCVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936,\nCVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941,\nCVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946,\nCVE-2014-7947, CVE-2014-7948)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 40.0.2214.91, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "modified": "2018-06-07T09:04:29", "published": "2015-01-27T05:00:00", "id": "RHSA-2015:0093", "href": "https://access.redhat.com/errata/RHSA-2015:0093", "type": "redhat", "title": "(RHSA-2015:0093) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T19:42:20", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 40.0.2214.111, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "modified": "2018-06-07T09:04:33", "published": "2015-02-10T05:00:00", "id": "RHSA-2015:0163", "href": "https://access.redhat.com/errata/RHSA-2015:0163", "type": "redhat", "title": "(RHSA-2015:0163) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:30", "bulletinFamily": "info", "description": "Google pushed out on Wednesday a new version of its Chrome browser (40.0.2214.91) and along with it paid out more than two dozen bounties, including 16 for memory corruption vulnerabilities.\n\nIn all, [62 security vulnerabilities were patched](<http://googlechromereleases.blogspot.ro/2015/01/stable-update.html>), 17 of those considered high severity bugs by Google.\n\nMost of those high-severity vulnerabilities were memory corruption or [use-after-free vulnerabilities](<http://threatpost.com/bypass-demonstrated-for-microsoft-use-after-free-mitigation-in-ie/110570>) in a number of Chrome components, including ICU, V8, FFmpeg and DOM.\n\nA researcher credited as cloudfuzzer cashed in with $12,000 worth of bounties, including three critical bugs. Another reporter known as yangdingning was awarded $9,000 for his finds.\n\nHere is the list of public vulnerabilities patched in Chrome 40.\n\n[$5000][[430353](<https://code.google.com/p/chromium/issues/detail?id=430353>)] **High** CVE-2014-7923: Memory corruption in ICU. _Credit to yangdingning._ \n[$4500][[435880](<https://code.google.com/p/chromium/issues/detail?id=435880>)] **High** CVE-2014-7924: Use-after-free in IndexedDB. _Credit to Collin Payne._ \n[$4000][[434136](<https://code.google.com/p/chromium/issues/detail?id=434136>)] **High** CVE-2014-7925: Use-after-free in WebAudio. _Credit to mark.buer._ \n[$4000][[422824](<https://code.google.com/p/chromium/issues/detail?id=422824>)] **High** CVE-2014-7926: Memory corruption in ICU. _Credit to yangdingning._ \n[$3500][[444695](<https://code.google.com/p/chromium/issues/detail?id=444695>)] **High** CVE-2014-7927: Memory corruption in V8. _Credit to Christian Holler._ \n[$3500][[435073](<https://code.google.com/p/chromium/issues/detail?id=435073>)] **High** CVE-2014-7928: Memory corruption in V8. _Credit to Christian Holler._ \n[$3000][[442806](<https://code.google.com/p/chromium/issues/detail?id=442806>)] **High** CVE-2014-7930: Use-after-free in DOM. _Credit to cloudfuzzer._ \n[$3000][[442710](<https://code.google.com/p/chromium/issues/detail?id=442710>)] **High** CVE-2014-7931: Memory corruption in V8. _Credit to cloudfuzzer._ \n[$2000][[443115](<https://code.google.com/p/chromium/issues/detail?id=443115>)] **High** CVE-2014-7929: Use-after-free in DOM. _Credit to cloudfuzzer._ \n[$2000][[429666](<https://code.google.com/p/chromium/issues/detail?id=429666>)] **High** CVE-2014-7932: Use-after-free in DOM. _Credit to Atte Kettunen of OUSPG._ \n[$2000][[427266](<https://code.google.com/p/chromium/issues/detail?id=427266>)] **High** CVE-2014-7933: Use-after-free in FFmpeg. _Credit to aohelin._ \n[$2000][[427249](<https://code.google.com/p/chromium/issues/detail?id=427249>)] **High** CVE-2014-7934: Use-after-free in DOM. _Credit to cloudfuzzer._ \n[$2000][[402957](<https://code.google.com/p/chromium/issues/detail?id=402957>)] **High** CVE-2014-7935: Use-after-free in Speech. _Credit to Khalil Zhani._ \n[$1500][[428561](<https://code.google.com/p/chromium/issues/detail?id=428561>)] **High** CVE-2014-7936: Use-after-free in Views. _Credit to Christoph Diehl._ \n[$1500][[419060](<https://code.google.com/p/chromium/issues/detail?id=419060>)] **High** CVE-2014-7937: Use-after-free in FFmpeg. _Credit to Atte Kettunen of OUSPG._ \n[$1000][[416323](<https://code.google.com/p/chromium/issues/detail?id=416323>)] **High** CVE-2014-7938: Memory corruption in Fonts. _Credit to Atte Kettunen of OUSPG._ \n[$1000][[399951](<https://code.google.com/p/chromium/issues/detail?id=399951>)] **High** CVE-2014-7939: Same-origin-bypass in V8. _Credit to Takeshi Terada._ \n[$1000][[433866](<https://code.google.com/p/chromium/issues/detail?id=433866>)] **Medium** CVE-2014-7940: Uninitialized-value in ICU. _Credit to miaubiz._ \n[$1000][[428557](<https://code.google.com/p/chromium/issues/detail?id=428557>)] **Medium** CVE-2014-7941: Out-of-bounds read in UI. _Credit to Atte Kettunen of OUSPG and Christoph Diehl._ \n[$1000][[426762](<https://code.google.com/p/chromium/issues/detail?id=426762>)] **Medium** CVE-2014-7942: Uninitialized-value in Fonts. _Credit to miaubiz._ \n[$1000][[422492](<https://code.google.com/p/chromium/issues/detail?id=422492>)] **Medium** CVE-2014-7943: Out-of-bounds read in Skia. _Credit to Atte Kettunen of OUSPG._ \n[$1000][[418881](<https://code.google.com/p/chromium/issues/detail?id=418881>)] **Medium** CVE-2014-7944: Out-of-bounds read in PDFium. _Credit to cloudfuzzer._ \n[$1000][[414310](<https://code.google.com/p/chromium/issues/detail?id=414310>)] **Medium** CVE-2014-7945: Out-of-bounds read in PDFium. _Credit to cloudfuzzer._ \n[$1000][[414109](<https://code.google.com/p/chromium/issues/detail?id=414109>)] **Medium** CVE-2014-7946: Out-of-bounds read in Fonts. _Credit to miaubiz._\n\n[$500][[430566](<https://code.google.com/p/chromium/issues/detail?id=430566>)] **Medium** CVE-2014-7947: Out-of-bounds read in PDFium. _Credit to fuzztercluck._ \n[$500][[414026](<https://code.google.com/p/chromium/issues/detail?id=414026>)] **Medium** CVE-2014-7948: Caching error in AppCache. _Credit to jiayaoqijia._\n\nGoogle said it awarded an additional $35,000 in bounties to Atte Kettunen of OUSPG, Christian Holler, cloudfuzzer and Khalil Zhani for work done during the development cycle to keep vulnerabilities out of the stable release.\n\nThis is the first Chrome release of the year; in November, [Chrome 39](<http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455>) was released and included removal of support for the fallback to SSL 3.0, the target of the POODLE attack.\n", "modified": "2015-01-27T15:10:55", "published": "2015-01-22T12:45:41", "id": "THREATPOST:07D5CDF62B74AB909C2F522C97F98BDF", "href": "https://threatpost.com/chrome-40-patches-62-security-vulnerabilities-pays-bounties-aplenty/110594/", "type": "threatpost", "title": "Chrome 40 Patches 62 Security Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T22:57:16", "bulletinFamily": "info", "description": "Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.\n\nGoogle paid bounties for 18 bugs ranging from medium to high severity. The bounties for all of the vulnerabilities totaled $52,000.\n\n13 of those bugs came marked with a severity rating of high and largely stem from either an out-of-bounds, use-after-free or integer overflow vulnerability.\n\n[According to a blog](<http://googlechromereleases.blogspot.ro/2015/03/stable-channel-update.html>) posted by Google\u2019s Penny MacNeil yesterday, Chrome\u2019s team also implemented a handful of fixes from internal audits and fuzzing. Additionally, Chrome developers also made updates to the company\u2019s open source JavaScript engine, V8.\n\nHere\u2019s the full rundown of bugs contributed by external researchers fixed in this edition of Chrome:\n\n[$7500][[456516](<https://code.google.com/p/chromium/issues/detail?id=456516>)] **High** CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. \n[$5000][[448423](<https://code.google.com/p/chromium/issues/detail?id=448423>)] **High** CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. \n[$5000][[445810](<https://code.google.com/p/chromium/issues/detail?id=445810>)] **High** CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer. \n[$5000][[445809](<https://code.google.com/p/chromium/issues/detail?id=445809>)] **High** CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer. \n[$4000][[454954](<https://code.google.com/p/chromium/issues/detail?id=454954>)] **High** CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous. \n[$3000][[456192](<https://code.google.com/p/chromium/issues/detail?id=456192>)] **High** CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous. \n[$3000][[456059](<https://code.google.com/p/chromium/issues/detail?id=456059>)] **High** CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer. \n[$3000][[446164](<https://code.google.com/p/chromium/issues/detail?id=446164>)] **High** CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang (demi6od) of NSFOCUS Security Team. \n[$3000][[437651](<https://code.google.com/p/chromium/issues/detail?id=437651>)] **High** CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin of OUSPG. \n[$2500][[455368](<https://code.google.com/p/chromium/issues/detail?id=455368>)] **High** CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne. \n[$2500][[448082](<https://code.google.com/p/chromium/issues/detail?id=448082>)] **High** CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne. \n[$2000][[454231](<https://code.google.com/p/chromium/issues/detail?id=454231>)] **High** CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl. \n[[449610](<https://code.google.com/p/chromium/issues/detail?id=449610>)] **High** CVE-2015-1230: Type confusion in v8. Credit to Skylined working with HP\u2019s Zero Day Initiative. \n[$2000][[449958](<https://code.google.com/p/chromium/issues/detail?id=449958>)] **Medium** CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin of OUSPG. \n[$1000][[446033](<https://code.google.com/p/chromium/issues/detail?id=446033>)] **Medium** CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer. \n[$1000][[456841](<https://code.google.com/p/chromium/issues/detail?id=456841>)] **Medium** CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu. \n[$1000][[450389](<https://code.google.com/p/chromium/issues/detail?id=450389>)] **Medium** CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl. \n[$1000][[444707](<https://code.google.com/p/chromium/issues/detail?id=444707>)] **Medium** CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz. \n[$500][[431504](<https://code.google.com/p/chromium/issues/detail?id=431504>)] **Medium** CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy.\n\nThose looking for a full list of changes can find them in the [Chromium changelog](<https://chromium.googlesource.com/chromium/src/+log/40.0.2214.115..41.0.2272.76?pretty=fuller&n=10000>).\n\nA Google spokesperson on Wednesday claimed that the way Android connects to most websites, including Google sites and others without export certificates are not subject to the [FREAK flaw](<http://threatpost.com/new-freak-attack-threatens-many-ssl-clients/111390>) that\u2019s dominated headlines this week. The flaw enables attackers to downgrade their victims\u2019 SSL clients RSA key and compromise their connections with a man-in-the-middle attack.\n\n\u201cWe encourage all websites to disable support for export certificates, Google said before adding that its \u201cdeveloped a patch to protect Android\u2019s connection to sites that do expose export certs and that patch has been provided to partners.\u201d\n", "modified": "2015-03-04T18:59:59", "published": "2015-03-04T13:58:40", "id": "THREATPOST:DD4B8BE5C0517D67B4F100DACE2F22CB", "href": "https://threatpost.com/google-fixes-51-bugs-in-chrome-41/111428/", "type": "threatpost", "title": "Google Fixes 51 Bugs in Chrome 41", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:06:50", "bulletinFamily": "unix", "description": "chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities.\n\n These security issues were fixed:\n - CVE-2015-1209: Use-after-free in DOM (bnc#916841).\n - CVE-2015-1210: Cross-origin-bypass in V8 bindings (bnc#916843).\n - CVE-2015-1211: Privilege escalation using service workers (bnc#916838).\n - CVE-2015-1212: Various fixes from internal audits, fuzzing and other\n initiatives (bnc#916840).\n - CVE-2014-7923: Memory corruption in ICU (bnc#914468).\n - CVE-2014-7924: Use-after-free in IndexedDB (bnc#914468).\n - CVE-2014-7925: Use-after-free in WebAudio (bnc#914468).\n - CVE-2014-7926: Memory corruption in ICU (bnc#914468).\n - CVE-2014-7927: Memory corruption in V8 (bnc#914468).\n - CVE-2014-7928: Memory corruption in V8 (bnc#914468).\n - CVE-2014-7930: Use-after-free in DOM (bnc#914468).\n - CVE-2014-7931: Memory corruption in V8 (bnc#914468).\n - CVE-2014-7929: Use-after-free in DOM (bnc#914468).\n - CVE-2014-7932: Use-after-free in DOM (bnc#914468).\n - CVE-2014-7933: Use-after-free in FFmpeg (bnc#914468).\n - CVE-2014-7934: Use-after-free in DOM (bnc#914468).\n - CVE-2014-7935: Use-after-free in Speech (bnc#914468).\n - CVE-2014-7936: Use-after-free in Views (bnc#914468).\n - CVE-2014-7937: Use-after-free in FFmpeg (bnc#914468).\n - CVE-2014-7938: Memory corruption in Fonts (bnc#914468).\n - CVE-2014-7939: Same-origin-bypass in V8 (bnc#914468).\n - CVE-2014-7940: Uninitialized-value in ICU (bnc#914468).\n - CVE-2014-7941: Out-of-bounds read in UI (bnc#914468).\n - CVE-2014-7942: Uninitialized-value in Fonts (bnc#914468).\n - CVE-2014-7943: Out-of-bounds read in Skia\n - CVE-2014-7944: Out-of-bounds read in PDFium\n - CVE-2014-7945: Out-of-bounds read in PDFium\n - CVE-2014-7946: Out-of-bounds read in Fonts\n - CVE-2014-7947: Out-of-bounds read in PDFium\n - CVE-2014-7948: Caching error in AppCache\n - CVE-2015-1205: Various fixes from internal audits, fuzzing and other\n initiatives\n\n These non-security issues were fixed:\n - Fix using 'echo' command in chromium-browser.sh script\n\n", "modified": "2015-03-06T13:04:51", "published": "2015-03-06T13:04:51", "id": "OPENSUSE-SU-2015:0441-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html", "type": "suse", "title": "Security update for chromium (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:55", "bulletinFamily": "unix", "description": "Chromium was updated to 41.0.2272.76 (bnc#920825)\n\n Security fixes:\n * CVE-2015-1212: Out-of-bounds write in media\n * CVE-2015-1213: Out-of-bounds write in skia filters\n * CVE-2015-1214: Out-of-bounds write in skia filters\n * CVE-2015-1215: Out-of-bounds write in skia filters\n * CVE-2015-1216: Use-after-free in v8 bindings\n * CVE-2015-1217: Type confusion in v8 bindings\n * CVE-2015-1218: Use-after-free in dom\n * CVE-2015-1219: Integer overflow in webgl\n * CVE-2015-1220: Use-after-free in gif decoder\n * CVE-2015-1221: Use-after-free in web databases\n * CVE-2015-1222: Use-after-free in service workers\n * CVE-2015-1223: Use-after-free in dom\n * CVE-2015-1230: Type confusion in v8\n * CVE-2015-1224: Out-of-bounds read in vpxdecoder\n * CVE-2015-1225: Out-of-bounds read in pdfium\n * CVE-2015-1226: Validation issue in debugger\n * CVE-2015-1227: Uninitialized value in blink\n * CVE-2015-1228: Uninitialized value in rendering\n * CVE-2015-1229: Cookie injection via proxies\n * CVE-2015-1231: Various fixes from internal audits\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch\n\n", "modified": "2015-03-16T16:05:28", "published": "2015-03-16T16:05:28", "id": "OPENSUSE-SU-2015:0505-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00019.html", "type": "suse", "title": "Security update to Chromium 41.0.2272.76 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.", "modified": "2017-01-02T21:59:15", "published": "2015-01-22T17:59:26", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7946", "id": "CVE-2014-7946", "title": "CVE-2014-7946", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.", "modified": "2017-01-02T21:59:13", "published": "2015-01-22T17:59:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7927", "id": "CVE-2014-7927", "title": "CVE-2014-7927", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.", "modified": "2017-01-02T21:59:14", "published": "2015-01-22T17:59:15", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7934", "id": "CVE-2014-7934", "title": "CVE-2014-7934", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.", "modified": "2017-01-02T21:59:13", "published": "2015-01-22T17:59:09", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7928", "id": "CVE-2014-7928", "title": "CVE-2014-7928", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.", "modified": "2017-01-02T21:59:14", "published": "2015-01-22T17:59:18", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7937", "id": "CVE-2014-7937", "title": "CVE-2014-7937", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.", "modified": "2017-01-02T21:59:13", "published": "2015-01-22T17:59:13", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7932", "id": "CVE-2014-7932", "title": "CVE-2014-7932", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:22", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.", "modified": "2017-01-02T21:59:13", "published": "2015-01-22T17:59:11", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7930", "id": "CVE-2014-7930", "title": "CVE-2014-7930", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:55:23", "bulletinFamily": "NVD", "description": "The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.", "modified": "2017-01-02T21:59:15", "published": "2015-01-22T17:59:27", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7948", "id": "CVE-2014-7948", "title": "CVE-2014-7948", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-01T05:14:37", "bulletinFamily": "NVD", "description": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.", "modified": "2018-10-30T12:27:35", "published": "2015-01-22T17:59:00", "id": "CVE-2014-7923", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7923", "title": "CVE-2014-7923", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:37", "bulletinFamily": "NVD", "description": "Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "modified": "2018-10-30T12:27:35", "published": "2015-01-22T17:59:23", "id": "CVE-2014-7943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7943", "title": "CVE-2014-7943", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition, gain privileges via a filesystem: URI, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-40.0.2214.111\"", "modified": "2015-02-17T00:00:00", "published": "2015-02-17T00:00:00", "id": "GLSA-201502-13", "href": "https://security.gentoo.org/glsa/201502-13", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "description": "### Background\n\nICU is a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in ICU. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause Denial of Service.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ICU users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/icu-54.1-r1\"", "modified": "2015-03-14T00:00:00", "published": "2015-03-14T00:00:00", "id": "GLSA-201503-06", "href": "https://security.gentoo.org/glsa/201503-06", "type": "gentoo", "title": "ICU: Multiple Vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-02-15T12:33:38", "bulletinFamily": "info", "description": "### *Detect date*:\n02/06/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. By exploiting these vulnerabilities malicious users can gain privilleges, bypass security and cause denial of service.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 40.0.2214.111\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.ru/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google blog](<http://googlechromereleases.blogspot.ru/2015/02/stable-channel-update.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1211](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211>) \n[CVE-2015-1209](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209>) \n[CVE-2015-1210](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210>)", "modified": "2019-02-13T00:00:00", "published": "2015-02-06T00:00:00", "id": "KLA10443", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10443", "title": "\r KLA10443Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-15T12:35:06", "bulletinFamily": "info", "description": "### *Detect date*:\n03/03/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or inject arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 41.0.2272.76\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk.\n\n### *Original advisories*:\n[Google blog entry](<http://googlechromereleases.blogspot.ru/2015/03/stable-channel-update.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1223](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1223>) \n[CVE-2015-1222](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1222>) \n[CVE-2015-1218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1218>) \n[CVE-2015-1230](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1230>) \n[CVE-2015-1227](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1227>) \n[CVE-2015-1226](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1226>) \n[CVE-2015-1225](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1225>) \n[CVE-2015-1224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1224>) \n[CVE-2015-1221](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1221>) \n[CVE-2015-1213](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1213>) \n[CVE-2015-1212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212>) \n[CVE-2015-1228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1228>) \n[CVE-2015-1229](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1229>) \n[CVE-2015-1214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1214>) \n[CVE-2015-1220](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1220>) \n[CVE-2015-1219](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1219>) \n[CVE-2015-1217](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1217>) \n[CVE-2015-1215](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1215>) \n[CVE-2015-1216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1216>)", "modified": "2019-02-13T00:00:00", "published": "2015-03-03T00:00:00", "id": "KLA10463", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10463", "title": "\r KLA10463Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:50:00", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3187-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icu\nCVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419\n CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926\n CVE-2014-7940 CVE-2014-9654\nDebian Bug : 775884 776264 776265 776719\n\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.\n\nCVE-2013-1569\n\n Glyph table issue.\n\nCVE-2013-2383\n\n Glyph table issue.\n\nCVE-2013-2384\n\n Font layout issue.\n\nCVE-2013-2419\n\n Font processing issue.\n\nCVE-2014-6585\n\n Out-of-bounds read.\n\nCVE-2014-6591\n\n Additional out-of-bounds reads.\n\nCVE-2014-7923\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7926\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7940\n\n Uninitialized memory.\n\nCVE-2014-9654\n\n More regular expression flaws.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.8.1.1-12+deb7u2.\n\nFor the upcoming stable (jessie) and unstable (sid) distributions, these\nproblems have been fixed in version 52.1-7.1.\n\nWe recommend that you upgrade your icu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-03-15T05:02:46", "published": "2015-03-15T05:02:46", "id": "DEBIAN:DSA-3187-1:97BB3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00072.html", "title": "[SECURITY] [DSA 3187-1] icu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:42", "bulletinFamily": "unix", "description": "Package : icu\nVersion : 4.4.1-8+squeeze3\nCVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419\n CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926\n CVE-2014-7940 CVE-2014-9654\n\nSeveral vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library:\n\nCVE-2013-1569\n\n Glyph table issue.\n\nCVE-2013-2383\n\n Glyph table issue.\n\nCVE-2013-2384\n\n Font layout issue.\n\nCVE-2013-2419\n\n Font processing issue.\n\nCVE-2014-6585\n\n Out-of-bounds read.\n\nCVE-2014-6591\n\n Additional out-of-bounds reads.\n\nCVE-2014-7923\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7926\n\n Memory corruption in regular expression comparison.\n\nCVE-2014-7940\n\n Uninitialized memory.\n\nCVE-2014-9654\n\n More regular expression flaws.\n\nFor Debian 6 \u201cSqueeze\u201d, these issues have been fixed in icu version\n4.4.1-8+squeeze3.\n", "modified": "2015-05-14T09:45:48", "published": "2015-05-14T09:45:48", "id": "DEBIAN:DLA-219-1:C7AC1", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00003.html", "title": "[SECURITY] [DLA 219-1] icu security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:48:30", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3189-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libav\nCVE ID : CVE-2014-7933 CVE-2014-8543 CVE-2014-8544 CVE-2014-8547 \n CVE-2014-8548 CVE-2014-9604\n\nSeveral security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.17-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6:11.3-1.\n\nWe recommend that you upgrade your libav packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-03-15T19:49:57", "published": "2015-03-15T19:49:57", "id": "DEBIAN:DSA-3189-1:D7FDF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00074.html", "title": "[SECURITY] [DSA 3189-1] libav security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}