Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title chromium-browser security update
Informations
Name RHSA-2017:0499 First vendor Publication 2017-03-14
Vendor RedHat Last vendor Modification 2017-03-14
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 57.0.2987.98.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1431030 - CVE-2017-5030 chromium-browser: memory corruption in v8 1431031 - CVE-2017-5031 chromium-browser: use after free in angle 1431032 - CVE-2017-5032 chromium-browser: out of bounds write in pdfium 1431033 - CVE-2017-5029 chromium-browser: integer overflow in libxslt 1431034 - CVE-2017-5034 chromium-browser: use after free in pdfium 1431036 - CVE-2017-5035 chromium-browser: incorrect security ui in omnibox 1431037 - CVE-2017-5036 chromium-browser: use after free in pdfium 1431038 - CVE-2017-5037 chromium-browser: multiple out of bounds writes in chunkdemuxer 1431039 - CVE-2017-5039 chromium-browser: use after free in pdfium 1431040 - CVE-2017-5040 chromium-browser: information disclosure in v8 1431041 - CVE-2017-5041 chromium-browser: address spoofing in omnibox 1431042 - CVE-2017-5033 chromium-browser: bypass of content security policy in blink 1431043 - CVE-2017-5042 chromium-browser: incorrect handling of cookies in cast 1431044 - CVE-2017-5038 chromium-browser: use after free in guestview 1431045 - CVE-2017-5043 chromium-browser: use after free in guestview 1431046 - CVE-2017-5044 chromium-browser: heap overflow in skia 1431047 - CVE-2017-5045 chromium-browser: information disclosure in xss auditor 1431048 - CVE-2017-5046 chromium-browser: information disclosure in blink

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2017-0499.html

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-416 Use After Free
19 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
6 % CWE-362 Race Condition
6 % CWE-311 Missing Encryption of Sensitive Data (CWE/SANS Top 25)
6 % CWE-281 Improper Preservation of Permissions
6 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
6 % CWE-125 Out-of-bounds Read
6 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3977
Os 3

Snort® IPS/IDS

Date Description
2019-12-17 Google Chrome Javascript V8 Array.includes information leak attempt
RuleID : 52251 - Revision : 1 - Type : BROWSER-CHROME
2019-12-17 Google Chrome Javascript V8 Array.includes information leak attempt
RuleID : 52250 - Revision : 1 - Type : BROWSER-CHROME
2019-12-17 Google Chrome Javascript V8 Array.indexOf information leak attempt
RuleID : 52249 - Revision : 1 - Type : BROWSER-CHROME
2019-12-17 Google Chrome Javascript V8 Array.indexOf information leak attempt
RuleID : 52248 - Revision : 1 - Type : BROWSER-CHROME
2017-03-30 multiple browsers content security policy bypass attempt
RuleID : 42112 - Revision : 2 - Type : BROWSER-OTHER

Nessus® Vulnerability Scanner

Date Description
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0018.nasl - Type : ACT_GATHER_INFO
2018-04-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201804-01.nasl - Type : ACT_GATHER_INFO
2017-09-15 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_6a177c87993311e793f7d43d7e971a1b.nasl - Type : ACT_GATHER_INFO
2017-07-24 Name : The remote Fedora host is missing a security update.
File : fedora_2017-98bed96d12.nasl - Type : ACT_GATHER_INFO
2017-07-17 Name : The remote Fedora host is missing a security update.
File : fedora_2017-e83c26a8c9.nasl - Type : ACT_GATHER_INFO
2017-07-13 Name : The remote Fedora host is missing a security update.
File : fedora_2017-58cde32413.nasl - Type : ACT_GATHER_INFO
2017-05-24 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-609.nasl - Type : ACT_GATHER_INFO
2017-05-17 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1313-1.nasl - Type : ACT_GATHER_INFO
2017-05-16 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1282-1.nasl - Type : ACT_GATHER_INFO
2017-05-11 Name : The remote Windows host contains a web browser that is affected by a remote c...
File : mozilla_firefox_53_0_2.nasl - Type : ACT_GATHER_INFO
2017-05-11 Name : The remote Windows host contains a web browser that is affected by a remote c...
File : mozilla_firefox_52_1_1_esr.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : An application running on the remote host is affected by multiple vulnerabili...
File : itunes_12_6_banner.nasl - Type : ACT_GATHER_INFO
2017-05-08 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : itunes_12_6.nasl - Type : ACT_GATHER_INFO
2017-04-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3271-1.nasl - Type : ACT_GATHER_INFO
2017-04-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201704-02.nasl - Type : ACT_GATHER_INFO
2017-03-31 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2017-001.nasl - Type : ACT_GATHER_INFO
2017-03-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3236-1.nasl - Type : ACT_GATHER_INFO
2017-03-24 Name : The remote Debian host is missing a security update.
File : debian_DLA-866.nasl - Type : ACT_GATHER_INFO
2017-03-20 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-353.nasl - Type : ACT_GATHER_INFO
2017-03-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3810.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0499.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : A web browser installed on the remote macOS or Mac OS X host is affected by m...
File : macosx_google_chrome_57_0_2987_98.nasl - Type : ACT_GATHER_INFO
2017-03-14 Name : A web browser installed on the remote Windows host is affected by multiple vu...
File : google_chrome_57_0_2987_98.nasl - Type : ACT_GATHER_INFO
2017-03-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a505d397075811e78d8be8e0b747a45a.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-01-05 09:26:26
  • Multiple Updates
2017-03-15 13:22:41
  • Multiple Updates
2017-03-14 09:22:50
  • First insertion