Executive Summary

Summary
Title chromium-browser security update
Informations
Name RHSA-2016:1485 First vendor Publication 2016-07-26
Vendor RedHat Last vendor Modification 2016-07-26
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 52.0.2743.82.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1358630 - CVE-2016-1706 chromium-browser: sandbox escape in ppapi 1358632 - CVE-2016-1708 chromium-browser: use-after-free in extensions 1358633 - CVE-2016-1709 chromium-browser: heap-buffer-overflow in sfntly 1358634 - CVE-2016-1710 chromium-browser: same-origin bypass in blink 1358636 - CVE-2016-1711 chromium-browser: same-origin bypass in blink 1358637 - CVE-2016-5127 chromium-browser: use-after-free in blink 1358638 - CVE-2016-5128 chromium-browser: same-origin bypass in v8 1358639 - CVE-2016-5129 chromium-browser: memory corruption in v8 1358640 - CVE-2016-5130 chromium-browser: url spoofing 1358641 - CVE-2016-5131 chromium-browser: use-after-free in libxml 1358642 - CVE-2016-5132 chromium-browser: limited same-origin bypass in service workers 1358643 - CVE-2016-5133 chromium-browser: origin confusion in proxy authentication 1358645 - CVE-2016-5134 chromium-browser: url leakage via pac script 1358646 - CVE-2016-5135 chromium-browser: content-security-policy bypass 1358647 - CVE-2016-5136 chromium-browser: use after free in extensions 1358648 - CVE-2016-5137 chromium-browser: history sniffing with hsts and csp 1358649 - CVE-2016-1705 chromium-browser: various fixes from internal audits

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2016-1485.html

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-416 Use After Free
12 % CWE-285 Improper Access Control (Authorization)
12 % CWE-254 Security Features
12 % CWE-200 Information Exposure
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-20 Improper Input Validation
6 % CWE-287 Improper Authentication
6 % CWE-284 Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 1
Application 3950
Application 1
Application 334
Application 144
Os 164
Os 121
Os 49
Os 10
Os 2
Os 2
Os 3
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2018-06-28 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1156.nasl - Type : ACT_GATHER_INFO
2018-05-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1089.nasl - Type : ACT_GATHER_INFO
2018-05-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1088.nasl - Type : ACT_GATHER_INFO
2018-02-15 Name : The remote Fedora host is missing a security update.
File : fedora_2018-a6b59d8f78.nasl - Type : ACT_GATHER_INFO
2018-01-31 Name : The remote Fedora host is missing a security update.
File : fedora_2018-db610fff5b.nasl - Type : ACT_GATHER_INFO
2017-07-24 Name : The remote Fedora host is missing a security update.
File : fedora_2017-98bed96d12.nasl - Type : ACT_GATHER_INFO
2017-04-20 Name : The remote Fedora host is missing a security update.
File : fedora_2017-be8574d593.nasl - Type : ACT_GATHER_INFO
2017-04-20 Name : The remote Fedora host is missing a security update.
File : fedora_2017-a3a47973eb.nasl - Type : ACT_GATHER_INFO
2017-03-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3235-1.nasl - Type : ACT_GATHER_INFO
2017-01-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-37.nasl - Type : ACT_GATHER_INFO
2016-12-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3744.nasl - Type : ACT_GATHER_INFO
2016-11-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-691.nasl - Type : ACT_GATHER_INFO
2016-10-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201610-09.nasl - Type : ACT_GATHER_INFO
2016-09-28 Name : The remote Apple TV device is affected by multiple vulnerabilities.
File : appletv_10.nasl - Type : ACT_GATHER_INFO
2016-09-23 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_12.nasl - Type : ACT_GATHER_INFO
2016-08-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3041-1.nasl - Type : ACT_GATHER_INFO
2016-08-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3637.nasl - Type : ACT_GATHER_INFO
2016-08-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-919.nasl - Type : ACT_GATHER_INFO
2016-07-29 Name : A web browser installed on the remote Mac OS X host is affected by multiple v...
File : macosx_google_chrome_52_0_2743_82.nasl - Type : ACT_GATHER_INFO
2016-07-29 Name : A web browser installed on the remote Windows host is affected by multiple vu...
File : google_chrome_52_0_2743_82.nasl - Type : ACT_GATHER_INFO
2016-07-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-1485.nasl - Type : ACT_GATHER_INFO
2016-07-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-901.nasl - Type : ACT_GATHER_INFO
2016-07-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-900.nasl - Type : ACT_GATHER_INFO
2016-07-25 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_6fae9fe1504811e68aa73065ec8fd3ec.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2016-07-27 13:25:31
  • Multiple Updates
2016-07-26 13:24:12
  • First insertion