Executive Summary
| Summary | |
|---|---|
| Title | chromum-browser security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3531 | First vendor Publication | 2016-03-25 |
| Vendor | Debian | Last vendor Modification | 2016-03-25 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1646 Wen Xu discovered an out-of-bounds read issue in the v8 library. CVE-2016-1647 A use-after-free issue was discovered. CVE-2016-1648 A use-after-free issue was discovered in the handling of extensions. CVE-2016-1649 lokihardt discovered a buffer overflow issue in the Almost Native Graphics Layer Engine (ANGLE) library. CVE-2016-1650 The chrome development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.33. For the stable distribution (jessie), these problems have been fixed in version 49.0.2623.108-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 49.0.2623.108-1. We recommend that you upgrade your chromum-browser packages. |
Original Source
| Url : http://www.debian.org/security/2016/dsa-3531 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-125 | Out-of-bounds Read |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-05-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201605-02.nasl - Type : ACT_GATHER_INFO |
| 2016-05-02 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2955-1.nasl - Type : ACT_GATHER_INFO |
| 2016-04-18 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-459.nasl - Type : ACT_GATHER_INFO |
| 2016-04-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8be8ca39ae704422bf1ad8fae6911c5e.nasl - Type : ACT_GATHER_INFO |
| 2016-04-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-418.nasl - Type : ACT_GATHER_INFO |
| 2016-04-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0525.nasl - Type : ACT_GATHER_INFO |
| 2016-03-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3531.nasl - Type : ACT_GATHER_INFO |
| 2016-03-25 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : google_chrome_49_0_2623_108.nasl - Type : ACT_GATHER_INFO |
| 2016-03-25 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_49_0_2623_108.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-03-30 05:27:38 |
|
| 2016-03-29 17:22:09 |
|
| 2016-03-29 13:21:00 |
|
| 2016-03-26 05:23:28 |
|
