Chrome Universal XSS using an intercepted native function (CVE-2016-1672)
2017-04-24T00:00:00
ID: SSV:93023 | Type: seebug | Reporter: Root | Modified: 2017-04-24T00:00:00
Description
VULNERABILITY DETAILS
The fix for issue 546677 is insufficient to protect against overriding the internal extensions code -- it is still possible to take over the built-in extension system with a combination of getters and setters. This allows web content to gain access to native functions that may be misused; for example, |user_gestures.RunWithUserGesture| can be leveraged to create new pages at an arbitrary JavaScript execution point, effectively bypassing ScopedPageLoadDeferrer.
VERSION
Chrome 48.0.2564.116 (Stable)
Chrome 49.0.2623.64 (Beta)
Chrome 50.0.2657.0 (Dev)
Chromium 50.0.2660.0 + Pepper Flash (Release build compiled today)
Attachment: CVE-2016-1672 (http://paper.seebug.org/papers/Archive/poc/CVE-2016-1672.zip)
CVSS: 6.8 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL)
CVE-2016-1672 (NVD, published 2016-06-05): The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1672
\"CVE-2016-1693\",\n \"CVE-2016-1694\",\n \"CVE-2016-1695\"\n );\n script_xref(name:\"EDB-ID\", value:\"39961\");\n\n script_name(english:\"Google Chrome < 51.0.2704.63 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 51.0.2704.63. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified flaws exist in extension bindings\n that allow a remote attacker to bypass the same-origin\n policy. No other details are available. (CVE-2016-1672,\n CVE-2016-1676)\n\n - Multiple unspecified flaws exist in Blink that allow a\n remote attacker to bypass the same-origin policy. No\n other details are available. (CVE-2016-1673,\n CVE-2016-1675)\n\n - An unspecified flaw exists in Extensions that allows a\n remote attacker to bypass the same-origin policy.\n No other details are available. (CVE-2016-1674)\n\n - An unspecified type confusion error exists in V8\n decodeURI that allows a remote attacker to disclose\n potentially sensitive information. (CVE-2016-1677)\n\n - A heap buffer overflow condition exists in V8 due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1678)\n\n - A heap use-after-free error exists in V8 bindings that\n allows a remote attacker to deference already freed\n memory and execute arbitrary code. (CVE-2016-1679)\n\n - A heap use-after-free error exists in Google Skia that\n allows a remote attacker to deference already freed\n memory and execute arbitrary code. 
(CVE-2016-1680)\n\n - A buffer overflow condition exists in OpenJPEG in the\n opj_j2k_read_SPCod_SPCoc() function within file j2k.c\n due to improper validation of user-supplied input. A\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2016-1681)\n\n - An unspecified flaw exists in ServiceWorker that allows\n a remote attacker to bypass the Content Security Policy\n (CSP). No other details are available. (CVE-2016-1682)\n\n - An unspecified out-of-bounds access error exists in\n libxslt that allows a remote attacker to have an\n unspecified impact. (CVE-2016-1683)\n\n - An integer overflow condition exists in libxslt that\n allows a remote attacker to have an unspecified impact.\n (CVE-2016-1684)\n\n - Multiple out-of-bounds read errors exist in PDFium that\n allow a remote attacker to cause a denial of service\n condition or disclose potentially sensitive information.\n (CVE-2016-1685, CVE-2016-1686)\n\n - An unspecified flaw exists in Extensions that allows a\n remote attacker to disclose potentially sensitive\n information. No other details are available.\n (CVE-2016-1687)\n\n - An out-of-bounds read error exists in V8 that allows a\n remote attacker to cause a denial of service condition\n or disclose potentially sensitive information.\n (CVE-2016-1688)\n\n - A heap buffer overflow condition exists in Media due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-1689)\n\n - A heap use-after-free error exists in Autofill that\n allows a remote attacker to execute arbitrary code.\n (CVE-2016-1690)\n\n - A heap buffer overflow condition exists in Google Skia\n due to improper validation of user-supplied input. 
A\n remote attacker can exploit this to cause a denial of\n service condition or the execution of arbitrary code.\n (CVE-2016-1691)\n\n - An unspecified flaw exists in ServiceWorker that allows\n a remote attacker to carry out a limited bypass of the\n same-origin policy. No other details are available.\n (CVE-2016-1692)\n\n - A flaw exists due to the Software Removal Tool being\n downloaded over an HTTP connection. A man-in-the-middle\n attacker can exploit this to manipulate its contents.\n (CVE-2016-1693)\n\n - A unspecified flaw exists that is triggered when HTTP\n Public Key Pinning (HPKP) pins are removed when clearing\n the cache. No other details are available.\n (CVE-2016-1694)\n\n - Multiple unspecified issues exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-1695)\n\n - A use-after-free error exists in 'MailboxManagerImpl'\n that is triggered when handling GPU commands. A remote\n attacker can exploit this to dereference already freed\n memory, resulting in the execution of arbitrary code.\n\");\n # http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4d6f0fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 51.0.2704.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n 
script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'51.0.2704.63', severity:SECURITY_HOLE);\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:30", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201607-07\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. 
Please review the CVE identifiers referenced below for details.\nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2016-10-10T00:00:00", "published": "2016-07-18T00:00:00", "id": "GENTOO_GLSA-201607-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92351", "title": "GLSA-201607-07 : Chromium: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201607-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92351);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/10 14:25:16 $\");\n\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\", \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\", \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\", \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\", \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_xref(name:\"GLSA\", value:\"201607-07\");\n\n script_name(english:\"GLSA-201607-07 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201607-07\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201607-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-51.0.2704.103'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 51.0.2704.103\"), vulnerable:make_list(\"lt 51.0.2704.103\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:11", "bulletinFamily": "scanner", "description": "Chromium was updated to 51.0.2704.63 to fix the following\nvulnerabilities (boo#981886) :\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: Cross-origin bypass in Blink\n\n - CVE-2016-1674: Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - 
CVE-2016-1692: Limited cross-origin bypass in\n ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits,\n fuzzing and other initiatives", "modified": "2016-10-13T00:00:00", "published": "2016-06-01T00:00:00", "id": "OPENSUSE-2016-652.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91404", "title": "openSUSE Security Update : Chromium (openSUSE-2016-652)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-652.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91404);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:12 $\");\n\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\", \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\", \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\", \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\", \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-652)\");\n script_summary(english:\"Check for the openSUSE-2016-652 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 51.0.2704.63 to fix the following\nvulnerabilities (boo#981886) :\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: Cross-origin bypass in Blink\n\n - CVE-2016-1674: 
Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - CVE-2016-1692: Limited cross-origin bypass in\n ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981886\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"chromedriver-debuginfo-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debuginfo-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-debugsource-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-51.0.2704.63-51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-debuginfo-51.0.2704.63-51.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:13", "bulletinFamily": "scanner", "description": "Chromium was updated to 51.0.2704.79 to fix the following\nvulnerabilities :\n\n - CVE-2016-1696: Cross-origin bypass in Extension bindings\n\n - CVE-2016-1697: Cross-origin bypass in Blink\n\n - CVE-2016-1698: Information leak in Extension bindings\n\n - CVE-2016-1699: Parameter sanitization failure in\n DevTools\n\n - CVE-2016-1700: Use-after-free in Extensions\n\n - CVE-2016-1701: Use-after-free in Autofill\n\n - CVE-2016-1702: Out-of-bounds read in Skia\n\n - CVE-2016-1703: Various fixes from internal audits,\n fuzzing and other initiatives Also includes\n vulnerabilities fixed in 51.0.2704.63 (boo#981886) :\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: 
Cross-origin bypass in Blink\n\n - CVE-2016-1674: Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - CVE-2016-1692: Limited cross-origin bypass in\n ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits,\n fuzzing and other initiatives", "modified": "2016-10-13T00:00:00", "published": "2016-06-06T00:00:00", "id": "OPENSUSE-2016-682.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91485", "title": "openSUSE Security Update : Chromium (openSUSE-2016-682)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-682.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91485);\n script_version(\"$Revision: 2.6 $\");\n script_cvs_date(\"$Date: 2016/10/13 14:37:12 $\");\n\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\", \"CVE-2016-1676\", 
\"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\", \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\", \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\", \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\", \"CVE-2016-1696\", \"CVE-2016-1697\", \"CVE-2016-1698\", \"CVE-2016-1699\", \"CVE-2016-1700\", \"CVE-2016-1701\", \"CVE-2016-1702\", \"CVE-2016-1703\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-682)\");\n script_summary(english:\"Check for the openSUSE-2016-682 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 51.0.2704.79 to fix the following\nvulnerabilities :\n\n - CVE-2016-1696: Cross-origin bypass in Extension bindings\n\n - CVE-2016-1697: Cross-origin bypass in Blink\n\n - CVE-2016-1698: Information leak in Extension bindings\n\n - CVE-2016-1699: Parameter sanitization failure in\n DevTools\n\n - CVE-2016-1700: Use-after-free in Extensions\n\n - CVE-2016-1701: Use-after-free in Autofill\n\n - CVE-2016-1702: Out-of-bounds read in Skia\n\n - CVE-2016-1703: Various fixes from internal audits,\n fuzzing and other initiatives Also includes\n vulnerabilities fixed in 51.0.2704.63 (boo#981886) :\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: Cross-origin bypass in Blink\n\n - CVE-2016-1674: Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - 
CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - CVE-2016-1692: Limited cross-origin bypass in\n ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982719\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-51.0.2704.79-105.2\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-51.0.2704.79-105.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:24:12", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1667\n Mariusz Mylinski discovered a cross-origin bypass.\n\n - CVE-2016-1668\n Mariusz Mylinski discovered a cross-origin bypass in\n bindings to v8.\n\n - CVE-2016-1669\n Choongwoo Han discovered a buffer overflow in the v8\n JavaScript library.\n\n - CVE-2016-1670\n A race condition was found that could cause the renderer\n process to reuse ids that should have been unique.\n\n - CVE-2016-1672\n Mariusz Mylinski discovered a cross-origin bypass in\n extension bindings.\n\n - CVE-2016-1673\n Mariusz Mylinski discovered a cross-origin bypass in\n Blink/Webkit.\n\n - CVE-2016-1674\n Mariusz Mylinski discovered another cross-origin bypass\n in extension bindings.\n\n - CVE-2016-1675\n Mariusz Mylinski discovered another cross-origin bypass\n in Blink/Webkit.\n\n - CVE-2016-1676\n Rob Wu discovered a cross-origin bypass in extension\n bindings.\n\n - 
CVE-2016-1677\n Guang Gong discovered a type confusion issue in the v8\n JavaScript library.\n\n - CVE-2016-1678\n Christian Holler discovered an overflow issue in the v8\n JavaScript library.\n\n - CVE-2016-1679\n Rob Wu discovered a use-after-free issue in the bindings\n to v8.\n\n - CVE-2016-1680\n Atte Kettunen discovered a use-after-free issue in the\n skia library.\n\n - CVE-2016-1681\n Aleksandar Nikolic discovered an overflow issue in the\n pdfium library.\n\n - CVE-2016-1682\n KingstonTime discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-1683\n Nicolas Gregoire discovered an out-of-bounds write issue\n in the libxslt library.\n\n - CVE-2016-1684\n Nicolas Gregoire discovered an integer overflow issue in\n the libxslt library.\n\n - CVE-2016-1685\n Ke Liu discovered an out-of-bounds read issue in the\n pdfium library.\n\n - CVE-2016-1686\n Ke Liu discovered another out-of-bounds read issue in\n the pdfium library.\n\n - CVE-2016-1687\n Rob Wu discovered an information leak in the handling of\n extensions.\n\n - CVE-2016-1688\n Max Korenko discovered an out-of-bounds read issue in\n the v8 JavaScript library.\n\n - CVE-2016-1689\n Rob Wu discovered a buffer overflow issue.\n\n - CVE-2016-1690\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-1691\n Atte Kettunen discovered a buffer overflow issue in the\n skia library.\n\n - CVE-2016-1692\n Til Jasper Ullrich discovered a cross-origin bypass\n issue.\n\n - CVE-2016-1693\n Khalil Zhani discovered that the Software Removal Tool\n download was done over an HTTP connection.\n\n - CVE-2016-1694\n Ryan Lester and Bryant Zadegan discovered that pinned\n public keys would be removed when clearing the browser\n cache.\n\n - CVE-2016-1695\n The chrome development team found and fixed various\n issues during internal auditing.", "modified": "2018-11-10T00:00:00", "published": "2016-06-02T00:00:00", "id": "DEBIAN_DSA-3590.NASL", "href": 
"https://www.tenable.com/plugins/index.php?view=single&id=91429", "title": "Debian DSA-3590-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3590. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91429);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2016-1667\", \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\", \"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\", \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\", \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\", \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\", \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\", \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_xref(name:\"DSA\", value:\"3590\");\n\n script_name(english:\"Debian DSA-3590-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1667\n Mariusz Mylinski discovered a cross-origin bypass.\n\n - CVE-2016-1668\n Mariusz Mylinski discovered a cross-origin bypass in\n bindings to v8.\n\n - CVE-2016-1669\n Choongwoo Han discovered a buffer overflow in the v8\n JavaScript library.\n\n - CVE-2016-1670\n A race condition was found that could cause the renderer\n process to reuse ids that should have 
been unique.\n\n - CVE-2016-1672\n Mariusz Mylinski discovered a cross-origin bypass in\n extension bindings.\n\n - CVE-2016-1673\n Mariusz Mylinski discovered a cross-origin bypass in\n Blink/Webkit.\n\n - CVE-2016-1674\n Mariusz Mylinski discovered another cross-origin bypass\n in extension bindings.\n\n - CVE-2016-1675\n Mariusz Mylinski discovered another cross-origin bypass\n in Blink/Webkit.\n\n - CVE-2016-1676\n Rob Wu discovered a cross-origin bypass in extension\n bindings.\n\n - CVE-2016-1677\n Guang Gong discovered a type confusion issue in the v8\n JavaScript library.\n\n - CVE-2016-1678\n Christian Holler discovered an overflow issue in the v8\n JavaScript library.\n\n - CVE-2016-1679\n Rob Wu discovered a use-after-free issue in the bindings\n to v8.\n\n - CVE-2016-1680\n Atte Kettunen discovered a use-after-free issue in the\n skia library.\n\n - CVE-2016-1681\n Aleksandar Nikolic discovered an overflow issue in the\n pdfium library.\n\n - CVE-2016-1682\n KingstonTime discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-1683\n Nicolas Gregoire discovered an out-of-bounds write issue\n in the libxslt library.\n\n - CVE-2016-1684\n Nicolas Gregoire discovered an integer overflow issue in\n the libxslt library.\n\n - CVE-2016-1685\n Ke Liu discovered an out-of-bounds read issue in the\n pdfium library.\n\n - CVE-2016-1686\n Ke Liu discovered another out-of-bounds read issue in\n the pdfium library.\n\n - CVE-2016-1687\n Rob Wu discovered an information leak in the handling of\n extensions.\n\n - CVE-2016-1688\n Max Korenko discovered an out-of-bounds read issue in\n the v8 JavaScript library.\n\n - CVE-2016-1689\n Rob Wu discovered a buffer overflow issue.\n\n - CVE-2016-1690\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-1691\n Atte Kettunen discovered a buffer overflow issue in the\n skia library.\n\n - CVE-2016-1692\n Til Jasper Ullrich discovered a cross-origin bypass\n issue.\n\n - CVE-2016-1693\n Khalil Zhani 
discovered that the Software Removal Tool\n download was done over an HTTP connection.\n\n - CVE-2016-1694\n Ryan Lester and Bryant Zadegan discovered that pinned\n public keys would be removed when clearing the browser\n cache.\n\n - CVE-2016-1695\n The chrome development team found and fixed various\n issues during internal auditing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1680\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3590\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 51.0.2704.63-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"51.0.2704.63-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"51.0.2704.63-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"51.0.2704.63-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"51.0.2704.63-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"51.0.2704.63-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:18", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n42 security fixes in this release\nPlease reference CVE/URL list for details\n\n", "modified": "2016-06-20T00:00:00", "published": "2016-05-25T00:00:00", "id": "1A6BBB95-24B8-11E6-BD31-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/1a6bbb95-24b8-11e6-bd31-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": 
"2018-11-19T12:59:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-06-03T00:00:00", "id": "OPENVAS:1361412562310851321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851321", "title": "SuSE Update for Chromium openSUSE-SU-2016:1430-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1430_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1430-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851321\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-03 16:25:08 +0530 (Fri, 03 Jun 2016)\");\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1430-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities\n (boo#981886):\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: Cross-origin bypass in Blink\n\n - CVE-2016-1674: Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin 
bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1430_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~51.0.2704.63~51.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:36:31", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-05-30T00:00:00", "id": "OPENVAS:1361412562310807333", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310807333", "title": "Google Chrome Security Updates(stable-channel-update_25-2016-05)-MAC OS X", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_25-2016-05_macosx.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_25-2016-05)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807333\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-30 13:22:34 +0530 (Mon, 30 May 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_25-2016-05)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Cross-origin bypass in extension bindings.\n\n - Cross-origin bypass in Blink.\n\n - Cross-origin bypass in extensions.\n\n - Type confusion in V8.\n\n - Heap overflow in V8.\n\n - Heap use-after-free in V8 bindings.\n\n - Heap use-after-free in Skia.\n\n - Heap overflow in 
PDFium.\n\n - CSP bypass for ServiceWorker.\n\n - Out-of-bounds access in libxslt.\n\n - Integer overflow in libxslt.\n\n - Out-of-bounds read in PDFium.\n\n - Information leak in extensions.\n\n - Out-of-bounds read in V8.\n\n - Heap buffer overflow in media.\n\n - Heap use-after-free in Autofill.\n\n - Heap buffer-overflow in Skia.\n\n - Limited cross-origin bypass in ServiceWorker.\n\n - HTTP Download of Software Removal Tool.\n\n - HPKP pins removed on cache clearance.\n\n - Various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass security restrictions,\n to obtain sensitive information and to cause a denial of service\n (buffer overflow) or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.63 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.63 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/05/stable-channel-update_25.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.63\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.63\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:57", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-05-30T00:00:00", "id": "OPENVAS:1361412562310807334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807334", "title": "Google Chrome Security Updates(stable-channel-update_25-2016-05)-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_25-2016-05_win.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_25-2016-05)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807334\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-30 13:22:34 +0530 (Mon, 30 May 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_25-2016-05)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Cross-origin bypass in extension bindings.\n\n - Cross-origin bypass in Blink.\n\n - Cross-origin bypass in extensions.\n\n - Type confusion in V8.\n\n - Heap overflow in V8.\n\n - Heap use-after-free in V8 bindings.\n\n - Heap use-after-free in Skia.\n\n - Heap overflow in 
PDFium.\n\n - CSP bypass for ServiceWorker.\n\n - Out-of-bounds access in libxslt.\n\n - Integer overflow in libxslt.\n\n - Out-of-bounds read in PDFium.\n\n - Information leak in extensions.\n\n - Out-of-bounds read in V8.\n\n - Heap buffer overflow in media.\n\n - Heap use-after-free in Autofill.\n\n - Heap buffer-overflow in Skia.\n\n - Limited cross-origin bypass in ServiceWorker.\n\n - HTTP Download of Software Removal Tool.\n\n - HPKP pins removed on cache clearance.\n\n - Various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass security restrictions,\n to obtain sensitive information and to cause a denial of service\n (buffer overflow) or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.63 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.63 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/05/stable-channel-update_25.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.63\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.63\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:37:25", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2018-10-18T00:00:00", "published": "2016-05-30T00:00:00", "id": "OPENVAS:1361412562310807336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807336", "title": "Google Chrome Security Updates(stable-channel-update_25-2016-05)-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_stable-channel-update_25-2016-05_lin.nasl 11969 2018-10-18 14:53:42Z asteins $\n#\n# Google Chrome Security Updates(stable-channel-update_25-2016-05)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807336\");\n script_version(\"$Revision: 11969 $\");\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-18 16:53:42 +0200 (Thu, 18 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-30 13:22:34 +0530 (Mon, 30 May 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update_25-2016-05)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Cross-origin bypass in extension bindings.\n\n - Cross-origin bypass in Blink.\n\n - Cross-origin bypass in extensions.\n\n - Type confusion in V8.\n\n - Heap overflow in V8.\n\n - Heap use-after-free in V8 bindings.\n\n - Heap use-after-free in Skia.\n\n - Heap overflow in 
PDFium.\n\n - CSP bypass for ServiceWorker.\n\n - Out-of-bounds access in libxslt.\n\n - Integer overflow in libxslt.\n\n - Out-of-bounds read in PDFium.\n\n - Information leak in extensions.\n\n - Out-of-bounds read in V8.\n\n - Heap buffer overflow in media.\n\n - Heap use-after-free in Autofill.\n\n - Heap buffer-overflow in Skia.\n\n - Limited cross-origin bypass in ServiceWorker.\n\n - HTTP Download of Software Removal Tool.\n\n - HPKP pins removed on cache clearance.\n\n - Various fixes from internal audits, fuzzing and other initiatives.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass security restrictions,\n to obtain sensitive information and to cause a denial of service\n (buffer overflow) or possibly have unspecified other impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 51.0.2704.63 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 51.0.2704.63 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/05/stable-channel-update_25.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_xref(name:\"URL\", value:\"http://www.google.com/chrome\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"51.0.2704.63\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"51.0.2704.63\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:01", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1667 \nMariusz Mylinski discovered a cross-origin bypass.\n\nCVE-2016-1668 \nMariusz Mylinski discovered a cross-origin bypass in bindings to v8.\n\nCVE-2016-1669 \nChoongwoo Han discovered a buffer overflow in the v8 javascript\nlibrary.\n\nCVE-2016-1670 \nA race condition was found that could cause the renderer process\nto reuse ids that should have been unique.\n\nCVE-2016-1672 \nMariusz Mylinski discovered a cross-origin bypass in extension\nbindings.\n\nCVE-2016-1673 \nMariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.\n\nCVE-2016-1674 \nMariusz Mylinski discovered another cross-origin bypass in extension\nbindings.\n\nCVE-2016-1675 \nMariusz Mylinski discovered another cross-origin bypass in\nBlink/Webkit.\n\nCVE-2016-1676 \nRob Wu discovered a cross-origin bypass in extension bindings.\n\nCVE-2016-1677 \nGuang Gong discovered a type confusion issue in the v8 javascript\nlibrary.\n\nCVE-2016-1678 \nChristian Holler discovered an overflow issue in the v8 javascript\nlibrary.\n\nCVE-2016-1679 \nRob Wu discovered a use-after-free issue in the bindings to v8.\n\nCVE-2016-1680 \nAtte Kettunen discovered a use-after-free issue in the skia library.\n\nCVE-2016-1681 \nAleksandar Nikolic discovered an overflow issue in the pdfium\nlibrary.\n\nCVE-2016-1682 \nKingstonTime discovered a way to bypass the Content Security Policy.\n\nCVE-2016-1683 \nNicolas Gregoire discovered an out-of-bounds write issue in the\nlibxslt library.\n\nCVE-2016-1684 \nNicolas Gregoire discovered an integer overflow issue in the\nlibxslt library.\n\nCVE-2016-1685 \nKe Liu discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2016-1686 \nKe Liu discovered another out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2016-1687 \nRob 
Wu discovered an information leak in the handling of extensions.\n\nCVE-2016-1688 \nMax Korenko discovered an out-of-bounds read issue in the v8\njavascript library.\n\nCVE-2016-1689 \nRob Wu discovered a buffer overflow issue.\n\nCVE-2016-1690 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-1691 \nAtte Kettunen discovered a buffer overflow issue in the skia library.\n\nCVE-2016-1692 \nTil Jasper Ullrich discovered a cross-origin bypass issue.\n\nCVE-2016-1693 \nKhalil Zhani discovered that the Software Removal Tool download was\ndone over an HTTP connection.\n\nCVE-2016-1694 \nRyan Lester and Bryant Zadegan discovered that pinned public keys\nwould be removed when clearing the browser cache.\n\nCVE-2016-1695 \nThe chrome development team found and fixed various issues during\ninternal auditing.", "modified": "2017-12-15T00:00:00", "published": "2016-06-01T00:00:00", "id": "OPENVAS:1361412562310703590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703590", "title": "Debian Security Advisory DSA 3590-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3590.nasl 8131 2017-12-15 07:30:28Z teissa $\n# Auto-generated from advisory DSA 3590-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703590\");\n script_version(\"$Revision: 8131 $\");\n script_cve_id(\"CVE-2016-1667\", \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\",\n \"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_name(\"Debian Security Advisory DSA 3590-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-12-15 08:30:28 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3590.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: 
\"solution\", value: \"For the stable distribution (jessie), these\nproblems have been fixed in version 51.0.2704.63-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 51.0.2704.63-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1667 \nMariusz Mylinski discovered a cross-origin bypass.\n\nCVE-2016-1668 \nMariusz Mylinski discovered a cross-origin bypass in bindings to v8.\n\nCVE-2016-1669 \nChoongwoo Han discovered a buffer overflow in the v8 javascript\nlibrary.\n\nCVE-2016-1670 \nA race condition was found that could cause the renderer process\nto reuse ids that should have been unique.\n\nCVE-2016-1672 \nMariusz Mylinski discovered a cross-origin bypass in extension\nbindings.\n\nCVE-2016-1673 \nMariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.\n\nCVE-2016-1674 \nMariusz Mylinski discovered another cross-origin bypass in extension\nbindings.\n\nCVE-2016-1675 \nMariusz Mylinski discovered another cross-origin bypass in\nBlink/Webkit.\n\nCVE-2016-1676 \nRob Wu discovered a cross-origin bypass in extension bindings.\n\nCVE-2016-1677 \nGuang Gong discovered a type confusion issue in the v8 javascript\nlibrary.\n\nCVE-2016-1678 \nChristian Holler discovered an overflow issue in the v8 javascript\nlibrary.\n\nCVE-2016-1679 \nRob Wu discovered a use-after-free issue in the bindings to v8.\n\nCVE-2016-1680 \nAtte Kettunen discovered a use-after-free issue in the skia library.\n\nCVE-2016-1681 \nAleksandar Nikolic discovered an overflow issue in the pdfium\nlibrary.\n\nCVE-2016-1682 \nKingstonTime discovered a way to bypass the Content Security Policy.\n\nCVE-2016-1683 \nNicolas Gregoire discovered an out-of-bounds write issue in the\nlibxslt library.\n\nCVE-2016-1684 \nNicolas Gregoire 
discovered an integer overflow issue in the\nlibxslt library.\n\nCVE-2016-1685 \nKe Liu discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2016-1686 \nKe Liu discovered another out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2016-1687 \nRob Wu discovered an information leak in the handling of extensions.\n\nCVE-2016-1688 \nMax Korenko discovered an out-of-bounds read issue in the v8\njavascript library.\n\nCVE-2016-1689 \nRob Wu discovered a buffer overflow issue.\n\nCVE-2016-1690 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-1691 \nAtte Kettunen discovered a buffer overflow issue in the skia library.\n\nCVE-2016-1692 \nTil Jasper Ullrich discovered a cross-origin bypass issue.\n\nCVE-2016-1693 \nKhalil Zhani discovered that the Software Removal Tool download was\ndone over an HTTP connection.\n\nCVE-2016-1694 \nRyan Lester and Bryant Zadegan discovered that pinned public keys\nwould be removed when clearing the browser cache.\n\nCVE-2016-1695 \nThe chrome development team found and fixed various issues during\ninternal auditing.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += 
res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-06-06T00:00:00", "id": "OPENVAS:1361412562310851325", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851325", "title": "SuSE Update for Chromium openSUSE-SU-2016:1496-1 (Chromium)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1496_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for Chromium openSUSE-SU-2016:1496-1 (Chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851325\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-06 05:25:42 +0200 (Mon, 06 Jun 2016)\");\n script_cve_id(\"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\",\n \"CVE-2016-1696\", \"CVE-2016-1697\", \"CVE-2016-1698\", \"CVE-2016-1699\",\n \"CVE-2016-1700\", \"CVE-2016-1701\", \"CVE-2016-1702\", \"CVE-2016-1703\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Chromium openSUSE-SU-2016:1496-1 (Chromium)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities:\n\n - CVE-2016-1696: Cross-origin bypass in Extension bindings\n\n 
- CVE-2016-1697: Cross-origin bypass in Blink\n\n - CVE-2016-1698: Information leak in Extension bindings\n\n - CVE-2016-1699: Parameter sanitization failure in DevTools\n\n - CVE-2016-1700: Use-after-free in Extensions\n\n - CVE-2016-1701: Use-after-free in Autofill\n\n - CVE-2016-1702: Out-of-bounds read in Skia\n\n - CVE-2016-1703: Various fixes from internal audits, fuzzing and other\n initiatives\n\n Also includes vulnerabilities fixed in 51.0.2704.63 (boo#981886):\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n\n - CVE-2016-1673: Cross-origin bypass in Blink\n\n - CVE-2016-1674: Cross-origin bypass in extensions\n\n - CVE-2016-1675: Cross-origin bypass in Blink\n\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n\n - CVE-2016-1677: Type confusion in V8\n\n - CVE-2016-1678: Heap overflow in V8\n\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n\n - CVE-2016-1680: Heap use-after-free in Skia\n\n - CVE-2016-1681: Heap overflow in PDFium\n\n - CVE-2016-1682: CSP bypass for ServiceWorker\n\n - CVE-2016-1683: Out-of-bounds access in libxslt\n\n - CVE-2016-1684: Integer overflow in libxslt\n\n - CVE-2016-1685: Out-of-bounds read in PDFium\n\n - CVE-2016-1686: Out-of-bounds read in PDFium\n\n - CVE-2016-1687: Information leak in extensions\n\n - CVE-2016-1688: Out-of-bounds read in V8\n\n - CVE-2016-1689: Heap buffer overflow in media\n\n - CVE-2016-1690: Heap use-after-free in Autofill\n\n - CVE-2016-1691: Heap buffer-overflow in Skia\n\n - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker\n\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n\n - CVE-2016-1694: HPKP pins removed on cache clearance\n\n - CVE-2016-1695: Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1496_1\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~51.0.2704.79~105.2\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:12", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1667 \nMariusz Mylinski discovered a cross-origin bypass.\n\nCVE-2016-1668 \nMariusz Mylinski discovered a cross-origin bypass in bindings to v8.\n\nCVE-2016-1669 \nChoongwoo Han discovered a buffer overflow in the v8 javascript\nlibrary.\n\nCVE-2016-1670 \nA race condition was found that could cause the renderer process\nto reuse ids that should have been unique.\n\nCVE-2016-1672 \nMariusz Mylinski discovered a cross-origin bypass in extension\nbindings.\n\nCVE-2016-1673 \nMariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.\n\nCVE-2016-1674 \nMariusz Mylinski discovered another cross-origin bypass in extension\nbindings.\n\nCVE-2016-1675 \nMariusz Mylinski discovered another cross-origin bypass in\nBlink/Webkit.\n\nCVE-2016-1676 \nRob Wu discovered a cross-origin bypass in extension bindings.\n\nCVE-2016-1677 \nGuang Gong discovered a type confusion issue in the v8 javascript\nlibrary.\n\nCVE-2016-1678 \nChristian Holler discovered an overflow issue in the v8 javascript\nlibrary.\n\nCVE-2016-1679 \nRob Wu discovered a use-after-free issue in the bindings to v8.\n\nCVE-2016-1680 \nAtte Kettunen discovered a use-after-free issue in the skia library.\n\nCVE-2016-1681 \nAleksandar Nikolic discovered an overflow issue in the pdfium\nlibrary.\n\nCVE-2016-1682 \nKingstonTime discovered a way to bypass the Content Security Policy.\n\nCVE-2016-1683 \nNicolas Gregoire discovered an out-of-bounds write issue in the\nlibxslt library.\n\nCVE-2016-1684 
\nNicolas Gregoire discovered an integer overflow issue in the\nlibxslt library.\n\nCVE-2016-1685 \nKe Liu discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2016-1686 \nKe Liu discovered another out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2016-1687 \nRob Wu discovered an information leak in the handling of extensions.\n\nCVE-2016-1688 \nMax Korenko discovered an out-of-bounds read issue in the v8\njavascript library.\n\nCVE-2016-1689 \nRob Wu discovered a buffer overflow issue.\n\nCVE-2016-1690 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-1691 \nAtte Kettunen discovered a buffer overflow issue in the skia library.\n\nCVE-2016-1692 \nTil Jasper Ullrich discovered a cross-origin bypass issue.\n\nCVE-2016-1693 \nKhalil Zhani discovered that the Software Removal Tool download was\ndone over an HTTP connection.\n\nCVE-2016-1694 \nRyan Lester and Bryant Zadegan discovered that pinned public keys\nwould be removed when clearing the browser cache.\n\nCVE-2016-1695 \nThe chrome development team found and fixed various issues during\ninternal auditing.", "modified": "2017-07-07T00:00:00", "published": "2016-06-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703590", "id": "OPENVAS:703590", "title": "Debian Security Advisory DSA 3590-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3590.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3590-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the 
License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703590);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1667\", \"CVE-2016-1668\", \"CVE-2016-1669\", \"CVE-2016-1670\",\n \"CVE-2016-1672\", \"CVE-2016-1673\", \"CVE-2016-1674\", \"CVE-2016-1675\",\n \"CVE-2016-1676\", \"CVE-2016-1677\", \"CVE-2016-1678\", \"CVE-2016-1679\",\n \"CVE-2016-1680\", \"CVE-2016-1681\", \"CVE-2016-1682\", \"CVE-2016-1683\",\n \"CVE-2016-1684\", \"CVE-2016-1685\", \"CVE-2016-1686\", \"CVE-2016-1687\",\n \"CVE-2016-1688\", \"CVE-2016-1689\", \"CVE-2016-1690\", \"CVE-2016-1691\",\n \"CVE-2016-1692\", \"CVE-2016-1693\", \"CVE-2016-1694\", \"CVE-2016-1695\");\n script_name(\"Debian Security Advisory DSA 3590-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-01 00:00:00 +0200 (Wed, 01 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3590.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these\nproblems have been fixed in version 51.0.2704.63-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 51.0.2704.63-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1667 \nMariusz Mylinski discovered a cross-origin bypass.\n\nCVE-2016-1668 \nMariusz Mylinski discovered a cross-origin bypass in bindings to v8.\n\nCVE-2016-1669 \nChoongwoo Han discovered a buffer overflow in the v8 javascript\nlibrary.\n\nCVE-2016-1670 \nA race condition was found that could cause the renderer process\nto reuse ids that should have been unique.\n\nCVE-2016-1672 \nMariusz Mylinski discovered a cross-origin bypass in extension\nbindings.\n\nCVE-2016-1673 \nMariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.\n\nCVE-2016-1674 \nMariusz Mylinski discovered another cross-origin bypass in extension\nbindings.\n\nCVE-2016-1675 \nMariusz Mylinski discovered another cross-origin bypass in\nBlink/Webkit.\n\nCVE-2016-1676 \nRob Wu discovered a cross-origin bypass in extension bindings.\n\nCVE-2016-1677 \nGuang Gong discovered a type confusion issue in the v8 javascript\nlibrary.\n\nCVE-2016-1678 \nChristian Holler discovered an overflow issue in the v8 javascript\nlibrary.\n\nCVE-2016-1679 \nRob Wu discovered a use-after-free issue in the bindings to v8.\n\nCVE-2016-1680 \nAtte Kettunen discovered a use-after-free issue in the skia library.\n\nCVE-2016-1681 \nAleksandar Nikolic discovered an overflow issue in the 
pdfium\nlibrary.\n\nCVE-2016-1682 \nKingstonTime discovered a way to bypass the Content Security Policy.\n\nCVE-2016-1683 \nNicolas Gregoire discovered an out-of-bounds write issue in the\nlibxslt library.\n\nCVE-2016-1684 \nNicolas Gregoire discovered an integer overflow issue in the\nlibxslt library.\n\nCVE-2016-1685 \nKe Liu discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2016-1686 \nKe Liu discovered another out-of-bounds read issue in the pdfium\nlibrary.\n\nCVE-2016-1687 \nRob Wu discovered an information leak in the handling of extensions.\n\nCVE-2016-1688 \nMax Korenko discovered an out-of-bounds read issue in the v8\njavascript library.\n\nCVE-2016-1689 \nRob Wu discovered a buffer overflow issue.\n\nCVE-2016-1690 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-1691 \nAtte Kettunen discovered a buffer overflow issue in the skia library.\n\nCVE-2016-1692 \nTil Jasper Ullrich discovered a cross-origin bypass issue.\n\nCVE-2016-1693 \nKhalil Zhani discovered that the Software Removal Tool download was\ndone over an HTTP connection.\n\nCVE-2016-1694 \nRyan Lester and Bryant Zadegan discovered that pinned public keys\nwould be removed when clearing the browser cache.\n\nCVE-2016-1695 \nThe chrome development team found and fixed various issues during\ninternal auditing.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"chromium-inspector\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"51.0.2704.63-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:17", "bulletinFamily": "info", "description": "Security researcher Mariusz Mlynski is having a good month.\n\nHaving cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google\u2019s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the white-hat hacker.\n\nOn Thursday afternoon, Google pushed out Chrome version 51.0.2704.63, which included [42 security fixes](<http://googlechromereleases.blogspot.com/search/label/Stable%20updates>) and a long list of payouts via its bounty program.\n\nMlynski was at the top of the list, scoring big cash prizes for two separate cross-origin bypasses in Blink, a web browser engine developed as part of Google\u2019s Chromium project. He also found cross-origin bypasses in Chrome extensions and extension bindings.\n\nMlynski is from Poland, and for years has been one of the dominant browser vulnerability researchers, in particular at the annual Pwn2Own contest. In 2015, he used a cross-origin bug in Firefox to gain Windows admin privileges on a machine, earning himself $55,000; in 2014 he won another $50,000 with chaining together two Firefox flaws to gain privilege escalation on a Windows machine.\n\nRob Wu, a student at TU/e in the Netherlands, also earned a $7,500 bounty for a cross-origin bypass in extension bindings. 
Wu earned four bounties, good for $13,000.\n\nIn all, Google paid out 23 bounties for Chrome bugs; the other vulnerabilities patched Thursday were found internally. The bugs that earned bounties are:\n\n[$7500][[590118](<https://crbug.com/590118>)] High CVE-2016-1672: Cross-origin bypass in extension bindings. _Credit to Mariusz Mlynski._\n\n[$7500][[597532](<https://crbug.com/597532>)] High CVE-2016-1673: Cross-origin bypass in Blink. _Credit to Mariusz Mlynski._\n\n[$7500][[598165](<https://crbug.com/598165>)] High CVE-2016-1674: Cross-origin bypass in extensions. _Credit to Mariusz Mlynski._\n\n[$7500][[600182](<https://crbug.com/600182>)] High CVE-2016-1675: Cross-origin bypass in Blink. _Credit to Mariusz Mlynski._\n\n[$7500][[604901](<https://crbug.com/604901>)] High CVE-2016-1676: Cross-origin bypass in extension bindings. _Credit to Rob Wu._\n\n[$4000][[602970](<https://crbug.com/602970>)] Medium CVE-2016-1677: Type confusion in V8. _Credit to Guang Gong of Qihoo 360._\n\n[$3500][[595259](<https://crbug.com/595259>)] High CVE-2016-1678: Heap overflow in V8. _Credit to Christian Holler._\n\n[$3500][[606390](<https://crbug.com/606390>)] High CVE-2016-1679: Heap use-after-free in V8 bindings. _Credit to Rob Wu._\n\n[$3000][[589848](<https://crbug.com/589848>)] High CVE-2016-1680: Heap use-after-free in Skia. _Credit to Atte Kettunen of OUSPG._\n\n[$3000][[613160](<https://crbug.com/613160>)] High CVE-2016-1681: Heap overflow in PDFium. _Credit to Aleksandar Nikolic of Cisco Talos._\n\n[$1000][[579801](<https://crbug.com/579801>)] Medium CVE-2016-1682: CSP bypass for ServiceWorker. _Credit to KingstonTime._\n\n[$1000][[583156](<https://crbug.com/583156>)] Medium CVE-2016-1683: Out-of-bounds access in libxslt. _Credit to Nicolas Gregoire._\n\n[$1000][[583171](<https://crbug.com/583171>)] Medium CVE-2016-1684: Integer overflow in libxslt. 
_Credit to Nicolas Gregoire._\n\n[$1000][[601362](<https://crbug.com/601362>)] Medium CVE-2016-1685: Out-of-bounds read in PDFium. _Credit to Ke Liu of Tencent\u2019s Xuanwu LAB._\n\n[$1000][[603518](<https://crbug.com/603518>)] Medium CVE-2016-1686: Out-of-bounds read in PDFium. _Credit to Ke Liu of Tencent\u2019s Xuanwu LAB._\n\n[$1000][[603748](<https://crbug.com/603748>)] Medium CVE-2016-1687: Information leak in extensions. _Credit to Rob Wu._\n\n[$1000][[604897](<https://crbug.com/604897>)] Medium CVE-2016-1688: Out-of-bounds read in V8. _Credit to Max Korenko._\n\n[$1000][[606185](<https://crbug.com/606185>)] Medium CVE-2016-1689: Heap buffer overflow in media. _Credit to Atte Kettunen of OUSPG._\n\n[$1000][[608100](<https://crbug.com/608100>)] Medium CVE-2016-1690: Heap use-after-free in Autofill. _Credit to Rob Wu._\n\n[$500][[597926](<https://crbug.com/597926>)] Low CVE-2016-1691: Heap buffer-overflow in Skia. _Credit to Atte Kettunen of OUSPG._\n\n[$500][[598077](<https://crbug.com/598077>)] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. _Credit to Til Jasper Ullrich._\n\n[$500][[598752](<https://crbug.com/598752>)] Low CVE-2016-1693: HTTP Download of Software Removal Tool. _Credit to Khalil Zhani._\n\n[$500][[603682](<https://crbug.com/603682>)] Low CVE-2016-1694: HPKP pins removed on cache clearance. 
_Credit to Ryan Lester and Bryant Zadegan._\n", "modified": "2016-06-03T17:38:26", "published": "2016-05-27T07:00:25", "id": "THREATPOST:B36AB6343785674ABA567F7D7483C4E0", "href": "https://threatpost.com/researcher-pockets-30000-in-chrome-bounties/118337/", "type": "threatpost", "title": "Researcher Pockets $30,000 in Chrome Bounties", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-51.0.2704.103\"", "modified": "2016-07-16T00:00:00", "published": "2016-07-16T00:00:00", "id": "GLSA-201607-07", "href": "https://security.gentoo.org/glsa/201607-07", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "- CVE-2016-1672:\n\nCross-origin bypass in extension bindings. Credit to Mariusz Mlynski.\n\n- CVE-2016-1673:\n\nCross-origin bypass in Blink. Credit to Mariusz Mlynski.\n\n- CVE-2016-1674:\n\nCross-origin bypass in extensions. 
Credit to Mariusz Mlynski.\n\n- CVE-2016-1675:\n\nCross-origin bypass in Blink. Credit to Mariusz Mlynski.\n\n- CVE-2016-1676:\n\nCross-origin bypass in extension bindings. Credit to Rob Wu.\n\n- CVE-2016-1677:\n\nType confusion in V8. Credit to Guang Gong of Qihoo 360.\n\n- CVE-2016-1678:\n\nHeap overflow in V8. Credit to Christian Holler.\n\n- CVE-2016-1679:\n\nHeap use-after-free in V8 bindings. Credit to Rob Wu.\n\n- CVE-2016-1680:\n\nHeap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.\n\n- CVE-2016-1681:\n\nHeap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.\n\n- CVE-2016-1682:\n\nCSP bypass for ServiceWorker. Credit to KingstonTime.\n\n- CVE-2016-1683:\n\nOut-of-bounds access in libxslt. Credit to Nicolas Gregoire.\n\n- CVE-2016-1684:\n\nInteger overflow in libxslt. Credit to Nicolas Gregoire.\n\n- CVE-2016-1685:\n\nOut-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.\n\n- CVE-2016-1686:\n\nOut-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.\n\n- CVE-2016-1687:\n\nInformation leak in extensions. Credit to Rob Wu.\n\n- CVE-2016-1688:\n\nOut-of-bounds read in V8. Credit to Max Korenko.\n\n- CVE-2016-1689:\n\nHeap buffer overflow in media. Credit to Atte Kettunen of OUSPG.\n\n- CVE-2016-1690:\n\nHeap use-after-free in Autofill. Credit to Rob Wu.\n\n- CVE-2016-1691:\n\nHeap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.\n\n- CVE-2016-1692:\n\nLimited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.\n\n- CVE-2016-1693:\n\nHTTP Download of Software Removal Tool. Credit to Khalil Zhani.\n\n- CVE-2016-1694:\n\nHPKP pins removed on cache clearance. 
Credit to Ryan Lester and Bryant\nZadegan.\n\n- CVE-2016-1695:\n\nVarious fixes from internal audits, fuzzing and other initiatives.", "modified": "2016-05-28T00:00:00", "published": "2016-05-28T00:00:00", "id": "ASA-201605-28", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html", "title": "chromium: multiple issues", "type": "archlinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:22", "bulletinFamily": "unix", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 51.0.2704.63.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1695, CVE-2016-1677, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694)", "modified": "2018-06-07T09:04:03", "published": "2016-06-01T14:34:16", "id": "RHSA-2016:1190", "href": "https://access.redhat.com/errata/RHSA-2016:1190", "type": "redhat", "title": "(RHSA-2016:1190) Important: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:26:04", "bulletinFamily": "unix", "description": "Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities\n (boo#981886):\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n - CVE-2016-1673: Cross-origin bypass in Blink\n - CVE-2016-1674: Cross-origin bypass in extensions\n - 
CVE-2016-1675: Cross-origin bypass in Blink\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n - CVE-2016-1677: Type confusion in V8\n - CVE-2016-1678: Heap overflow in V8\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n - CVE-2016-1680: Heap use-after-free in Skia\n - CVE-2016-1681: Heap overflow in PDFium\n - CVE-2016-1682: CSP bypass for ServiceWorker\n - CVE-2016-1683: Out-of-bounds access in libxslt\n - CVE-2016-1684: Integer overflow in libxslt\n - CVE-2016-1685: Out-of-bounds read in PDFium\n - CVE-2016-1686: Out-of-bounds read in PDFium\n - CVE-2016-1687: Information leak in extensions\n - CVE-2016-1688: Out-of-bounds read in V8\n - CVE-2016-1689: Heap buffer overflow in media\n - CVE-2016-1690: Heap use-after-free in Autofill\n - CVE-2016-1691: Heap buffer-overflow in Skia\n - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n - CVE-2016-1694: HPKP pins removed on cache clearance\n - CVE-2016-1695: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-05-28T01:08:05", "published": "2016-05-28T01:08:05", "id": "OPENSUSE-SU-2016:1430-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities\n (boo#981886):\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n - CVE-2016-1673: Cross-origin bypass in Blink\n - CVE-2016-1674: Cross-origin bypass in extensions\n - CVE-2016-1675: Cross-origin bypass in Blink\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n - CVE-2016-1677: Type confusion in V8\n - CVE-2016-1678: Heap overflow in V8\n - CVE-2016-1679: Heap use-after-free 
in V8 bindings\n - CVE-2016-1680: Heap use-after-free in Skia\n - CVE-2016-1681: Heap overflow in PDFium\n - CVE-2016-1682: CSP bypass for ServiceWorker\n - CVE-2016-1683: Out-of-bounds access in libxslt\n - CVE-2016-1684: Integer overflow in libxslt\n - CVE-2016-1685: Out-of-bounds read in PDFium\n - CVE-2016-1686: Out-of-bounds read in PDFium\n - CVE-2016-1687: Information leak in extensions\n - CVE-2016-1688: Out-of-bounds read in V8\n - CVE-2016-1689: Heap buffer overflow in media\n - CVE-2016-1690: Heap use-after-free in Autofill\n - CVE-2016-1691: Heap buffer-overflow in Skia\n - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n - CVE-2016-1694: HPKP pins removed on cache clearance\n - CVE-2016-1695: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-05-28T01:08:32", "published": "2016-05-28T01:08:32", "id": "OPENSUSE-SU-2016:1433-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "description": "Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities:\n\n - CVE-2016-1696: Cross-origin bypass in Extension bindings\n - CVE-2016-1697: Cross-origin bypass in Blink\n - CVE-2016-1698: Information leak in Extension bindings\n - CVE-2016-1699: Parameter sanitization failure in DevTools\n - CVE-2016-1700: Use-after-free in Extensions\n - CVE-2016-1701: Use-after-free in Autofill\n - CVE-2016-1702: Out-of-bounds read in Skia\n - CVE-2016-1703: Various fixes from internal audits, fuzzing and other\n initiatives\n\n Also includes vulnerabilities fixed in 51.0.2704.63 (boo#981886):\n\n - CVE-2016-1672: Cross-origin bypass in extension bindings\n - CVE-2016-1673: Cross-origin bypass 
in Blink\n - CVE-2016-1674: Cross-origin bypass in extensions\n - CVE-2016-1675: Cross-origin bypass in Blink\n - CVE-2016-1676: Cross-origin bypass in extension bindings\n - CVE-2016-1677: Type confusion in V8\n - CVE-2016-1678: Heap overflow in V8\n - CVE-2016-1679: Heap use-after-free in V8 bindings\n - CVE-2016-1680: Heap use-after-free in Skia\n - CVE-2016-1681: Heap overflow in PDFium\n - CVE-2016-1682: CSP bypass for ServiceWorker\n - CVE-2016-1683: Out-of-bounds access in libxslt\n - CVE-2016-1684: Integer overflow in libxslt\n - CVE-2016-1685: Out-of-bounds read in PDFium\n - CVE-2016-1686: Out-of-bounds read in PDFium\n - CVE-2016-1687: Information leak in extensions\n - CVE-2016-1688: Out-of-bounds read in V8\n - CVE-2016-1689: Heap buffer overflow in media\n - CVE-2016-1690: Heap use-after-free in Autofill\n - CVE-2016-1691: Heap buffer-overflow in Skia\n - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker\n - CVE-2016-1693: HTTP Download of Software Removal Tool\n - CVE-2016-1694: HPKP pins removed on cache clearance\n - CVE-2016-1695: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "modified": "2016-06-05T16:07:48", "published": "2016-06-05T16:07:48", "id": "OPENSUSE-SU-2016:1496-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html", "title": "Security update for Chromium (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:18", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3590-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJune 01, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 
CVE-2016-1670\n CVE-2016-1672 CVE-2016-1673 CVE-2016-1674 CVE-2016-1675\n CVE-2016-1676 CVE-2016-1677 CVE-2016-1678 CVE-2016-1679\n CVE-2016-1680 CVE-2016-1681 CVE-2016-1682 CVE-2016-1683\n CVE-2016-1684 CVE-2016-1685 CVE-2016-1686 CVE-2016-1687\n CVE-2016-1688 CVE-2016-1689 CVE-2016-1690 CVE-2016-1691\n CVE-2016-1692 CVE-2016-1693 CVE-2016-1694 CVE-2016-1695\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-1667\n\n Mariusz Mylinski discovered a cross-origin bypass.\n\nCVE-2016-1668\n\n Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.\n\nCVE-2016-1669\n\n Choongwoo Han discovered a buffer overflow in the v8 javascript\n library.\n\nCVE-2016-1670\n\n A race condition was found that could cause the renderer process\n to reuse ids that should have been unique.\n\nCVE-2016-1672\n\n Mariusz Mylinski discovered a cross-origin bypass in extension\n bindings.\n\nCVE-2016-1673\n\n Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.\n\nCVE-2016-1674\n\n Mariusz Mylinski discovered another cross-origin bypass in extension\n bindings.\n\nCVE-2016-1675\n\n Mariusz Mylinski discovered another cross-origin bypass in\n Blink/Webkit.\n\nCVE-2016-1676\n\n Rob Wu discovered a cross-origin bypass in extension bindings.\n\nCVE-2016-1677\n\n Guang Gong discovered a type confusion issue in the v8 javascript\n library.\n\nCVE-2016-1678\n\n Christian Holler discovered an overflow issue in the v8 javascript\n library.\n\nCVE-2016-1679\n\n Rob Wu discovered a use-after-free issue in the bindings to v8.\n\nCVE-2016-1680\n\n Atte Kettunen discovered a use-after-free issue in the skia library.\n\nCVE-2016-1681\n\n Aleksandar Nikolic discovered an overflow issue in the pdfium\n library.\n\nCVE-2016-1682\n\n KingstonTime discovered a way to bypass the Content Security Policy.\n\nCVE-2016-1683\n\n Nicolas Gregoire discovered an out-of-bounds write issue in the\n libxslt library.\n\nCVE-2016-1684\n\n Nicolas Gregoire 
discovered an integer overflow issue in the\n libxslt library.\n\nCVE-2016-1685\n\n Ke Liu discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2016-1686\n\n Ke Liu discovered another out-of-bounds read issue in the pdfium\n library.\n\nCVE-2016-1687\n\n Rob Wu discovered an information leak in the handling of extensions.\n\nCVE-2016-1688\n\n Max Korenko discovered an out-of-bounds read issue in the v8\n javascript library.\n\nCVE-2016-1689\n\n Rob Wu discovered a buffer overflow issue.\n\nCVE-2016-1690\n\n Rob Wu discovered a use-after-free issue.\n\nCVE-2016-1691\n\n Atte Kettunen discovered a buffer overflow issue in the skia library.\n\nCVE-2016-1692\n\n Til Jasper Ullrich discovered a cross-origin bypass issue.\n\nCVE-2016-1693\n\n Khalil Zhani discovered that the Software Removal Tool download was\n done over an HTTP connection.\n\nCVE-2016-1694\n\n Ryan Lester and Bryant Zadegan discovered that pinned public keys\n would be removed when clearing the browser cache.\n\nCVE-2016-1695\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 51.0.2704.63-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 51.0.2704.63-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-06-01T03:49:03", "published": "2016-06-01T03:49:03", "id": "DEBIAN:DSA-3590-1:B6DFB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00167.html", "title": "[SECURITY] [DSA 3590-1] chromium-browser security update", "type": "debian", 
"cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}