Executive Summary
| Summary | |
|---|---|
| Title | chromium-browser security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3351 | First vendor Publication | 2015-09-03 |
| Vendor | Debian | Last vendor Modification | 2015-09-03 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1291 A cross-origin bypass issue was discovered in DOM. CVE-2015-1292 Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker. CVE-2015-1293 Mariusz Mlynski discovered a cross-origin bypass issue in DOM. CVE-2015-1294 cloudfuzzer discovered a use-after-free issue in the Skia graphics library. CVE-2015-1295 A use-after-free issue was discovered in the printing component. CVE-2015-1296 zcorpan discovered a character spoofing issue. CVE-2015-1297 Alexander Kashev discovered a permission scoping error. CVE-2015-1298 Rob Wu discovered an error validating the URL of extensions. CVE-2015-1299 taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library. CVE-2015-1300 cgvwzq discovered an information disclosure issue in the Blink/WebKit library. CVE-2015-1301 The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29. For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~deb8u1. For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes. For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1. We recommend that you upgrade your chromium-browser packages. |
Original Source
| Url : http://www.debian.org/security/2015/dsa-3351 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 57 % | CWE-254 | Security Features |
| 43 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-09-03 | IAVM : 2015-B-0107 - Multiple Security Vulnerabilities in Google Chrome Severity : Category I - VMSKEY : V0061361 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201603-09.nasl - Type : ACT_GATHER_INFO |
| 2015-12-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-953.nasl - Type : ACT_GATHER_INFO |
| 2015-09-22 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-595.nasl - Type : ACT_GATHER_INFO |
| 2015-09-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1712.nasl - Type : ACT_GATHER_INFO |
| 2015-09-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2735-1.nasl - Type : ACT_GATHER_INFO |
| 2015-09-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3351.nasl - Type : ACT_GATHER_INFO |
| 2015-09-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a9350df8515711e5b5c1e8e0b747a45a.nasl - Type : ACT_GATHER_INFO |
| 2015-09-02 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : google_chrome_45_0_2454_85.nasl - Type : ACT_GATHER_INFO |
| 2015-09-02 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_45_0_2454_85.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2015-09-05 13:32:05 |
|
| 2015-09-04 21:32:26 |
|
| 2015-09-04 05:34:43 |
|
| 2015-09-04 05:29:46 |
|
