GLSA-201808-01 : Chromium, Google Chrome: Multiple vulnerabilities

critical Nessus Plugin ID 112075

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201808-01 (Chromium, Google Chrome: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details.
Impact :

A remote attacker could escalate privileges, cause a heap buffer overflow, obtain sensitive information or spoof a URL.
Workaround :

There is no known workaround at this time.

Solution

All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-68.0.3440.75' All Google Chrome users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-68.0.3440.75'

See Also

http://www.nessus.org/u?89d1144b

https://security.gentoo.org/glsa/201808-01

Plugin Details

Severity: Critical

ID: 112075

File Name: gentoo_GLSA-201808-01.nasl

Version: 1.4

Type: local

Published: 8/23/2018

Updated: 2/6/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:chromium, p-cpe:/a:gentoo:linux:google-chrome, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 8/22/2018

Vulnerability Publication Date: 4/3/2018

Reference Information

CVE: CVE-2018-4117, CVE-2018-6044, CVE-2018-6150, CVE-2018-6151, CVE-2018-6152, CVE-2018-6153, CVE-2018-6154, CVE-2018-6155, CVE-2018-6156, CVE-2018-6157, CVE-2018-6158, CVE-2018-6159, CVE-2018-6160, CVE-2018-6161, CVE-2018-6162, CVE-2018-6163, CVE-2018-6164, CVE-2018-6165, CVE-2018-6166, CVE-2018-6167, CVE-2018-6168, CVE-2018-6169, CVE-2018-6170, CVE-2018-6171, CVE-2018-6172, CVE-2018-6173, CVE-2018-6174, CVE-2018-6175, CVE-2018-6176, CVE-2018-6177, CVE-2018-6178, CVE-2018-6179

GLSA: 201808-01