Executive Summary
| Summary | |
|---|---|
| Title | chromium-browser security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3590 | First vendor Publication | 2016-06-01 |
| Vendor | Debian | Last vendor Modification | 2016-06-01 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass. CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8. CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 javascript library. CVE-2016-1670 A race condition was found that could cause the renderer process to reuse ids that should have been unique. CVE-2016-1672 Mariusz Mylinski discovered a cross-origin bypass in extension bindings. CVE-2016-1673 Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit. CVE-2016-1674 Mariusz Mylinski discovered another cross-origin bypass in extension bindings. CVE-2016-1675 Mariusz Mylinski discovered another cross-origin bypass in Blink/Webkit. CVE-2016-1676 Rob Wu discovered a cross-origin bypass in extension bindings. CVE-2016-1677 Guang Gong discovered a type confusion issue in the v8 javascript library. CVE-2016-1678 Christian Holler discovered an overflow issue in the v8 javascript library. CVE-2016-1679 Rob Wu discovered a use-after-free issue in the bindings to v8. CVE-2016-1680 Atte Kettunen discovered a use-after-free issue in the skia library. CVE-2016-1681 Aleksandar Nikolic discovered an overflow issue in the pdfium library. CVE-2016-1682 KingstonTime discovered a way to bypass the Content Security Policy. CVE-2016-1683 Nicolas Gregoire discovered an out-of-bounds write issue in the libxslt library. CVE-2016-1684 Nicolas Gregoire discovered an integer overflow issue in the libxslt library. CVE-2016-1685 Ke Liu discovered an out-of-bounds read issue in the pdfium library. CVE-2016-1686 Ke Liu discovered another out-of-bounds read issue in the pdfium library. CVE-2016-1687 Rob Wu discovered an information leak in the handling of extensions. CVE-2016-1688 Max Korenko discovered an out-of-bounds read issue in the v8 javascript library. CVE-2016-1689 Rob Wu discovered a buffer overflow issue. CVE-2016-1690 Rob Wu discovered a use-after-free issue. CVE-2016-1691 Atte Kettunen discovered a buffer overflow issue in the skia library. CVE-2016-1692 Til Jasper Ullrich discovered a cross-origin bypass issue. CVE-2016-1693 Khalil Zhani discovered that the Software Removal Tool download was done over an HTTP connection. CVE-2016-1694 Ryan Lester and Bryant Zadegan discovered that pinned public keys would be removed when clearing the browser cache. CVE-2016-1695 The chrome development team found and fixed various issues during internal auditing. For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.63-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 51.0.2704.63-1. We recommend that you upgrade your chromium-browser packages. |
Original Source
| Url : http://www.debian.org/security/2016/dsa-3590 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 42 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 38 % | CWE-284 | Access Control (Authorization) Issues |
| 8 % | CWE-254 | Security Features |
| 8 % | CWE-200 | Information Exposure |
| 4 % | CWE-362 | Race Condition |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-06-09 | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ... RuleID : 39162 - Revision : 4 - Type : FILE-PDF |
| 2016-06-09 | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow ... RuleID : 39161 - Revision : 4 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-04-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3271-1.nasl - Type : ACT_GATHER_INFO |
| 2016-11-17 | Name : An IDE application installed on the remote macOS or Mac OS X host is affected... File : macosx_xcode_81.nasl - Type : ACT_GATHER_INFO |
| 2016-10-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1172.nasl - Type : ACT_GATHER_INFO |
| 2016-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2016-6fd3131c03.nasl - Type : ACT_GATHER_INFO |
| 2016-08-09 | Name : The remote Fedora host is missing a security update. File : fedora_2016-e720bc8451.nasl - Type : ACT_GATHER_INFO |
| 2016-07-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-884.nasl - Type : ACT_GATHER_INFO |
| 2016-07-21 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_SecUpd2016-004.nasl - Type : ACT_GATHER_INFO |
| 2016-07-21 | Name : The remote host is missing a Mac OS X security update that fixes multiple vul... File : macosx_10_11_6.nasl - Type : ACT_GATHER_INFO |
| 2016-07-21 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_9_2_2.nasl - Type : ACT_GATHER_INFO |
| 2016-07-19 | Name : The remote host is running an application that is affected by multiple vulner... File : itunes_12_4_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2016-07-19 | Name : The remote host contains an application that is affected by multiple vulnerab... File : itunes_12_4_2.nasl - Type : ACT_GATHER_INFO |
| 2016-07-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-07.nasl - Type : ACT_GATHER_INFO |
| 2016-06-27 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-756.nasl - Type : ACT_GATHER_INFO |
| 2016-06-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1a2aa04f371811e6b3c814dae9d210b8.nasl - Type : ACT_GATHER_INFO |
| 2016-06-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3605.nasl - Type : ACT_GATHER_INFO |
| 2016-06-14 | Name : The remote Debian host is missing a security update. File : debian_DLA-514.nasl - Type : ACT_GATHER_INFO |
| 2016-06-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2992-1.nasl - Type : ACT_GATHER_INFO |
| 2016-06-07 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c039a7612c2911e689123065ec8fd3ec.nasl - Type : ACT_GATHER_INFO |
| 2016-06-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-682.nasl - Type : ACT_GATHER_INFO |
| 2016-06-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1190.nasl - Type : ACT_GATHER_INFO |
| 2016-06-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3590.nasl - Type : ACT_GATHER_INFO |
| 2016-06-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-652.nasl - Type : ACT_GATHER_INFO |
| 2016-05-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4dfafa1624ba11e6bd313065ec8fd3ec.nasl - Type : ACT_GATHER_INFO |
| 2016-05-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1a6bbb9524b811e6bd313065ec8fd3ec.nasl - Type : ACT_GATHER_INFO |
| 2016-05-27 | Name : A web browser installed on the remote Mac OS X host is affected by multiple v... File : macosx_google_chrome_51_0_2704_63.nasl - Type : ACT_GATHER_INFO |
| 2016-05-27 | Name : A web browser installed on the remote Windows host is affected by multiple vu... File : google_chrome_51_0_2704_63.nasl - Type : ACT_GATHER_INFO |
| 2016-05-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2960-1.nasl - Type : ACT_GATHER_INFO |
| 2016-05-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-584.nasl - Type : ACT_GATHER_INFO |
| 2016-05-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201605-02.nasl - Type : ACT_GATHER_INFO |
| 2016-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-1080.nasl - Type : ACT_GATHER_INFO |
| 2016-05-13 | Name : A web browser installed on the remote Windows host is affected by multiple vu... File : google_chrome_50_0_2661_102.nasl - Type : ACT_GATHER_INFO |
| 2016-05-13 | Name : A web browser installed on the remote Mac OS X host is affected by multiple v... File : macosx_google_chrome_50_0_2661_102.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-06-06 05:38:06 |
|
| 2016-06-03 13:27:14 |
|
| 2016-06-01 09:24:08 |
|
