http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html

RHSA-2014:1894

60194

71159

1031241

https://chromium.googlesource.com/chromium/src/+/3a2cf7d1376ae33054b878232fb38b8fbed29e31

https://code.google.com/p/chromium/issues/detail?id=423030

google-chrome-cve20147906-code-exec(98794)

The version of Google Chrome installed on the remote host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities :

  - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574)

  - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899)

  - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902)

  - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908)

  - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904)

  - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907)

  - An unspecified uninitialized memory read exists. (CVE-2014-7909)

  - Other unspecified vulnerabilities exist. (CVE-2014-7910)

Additionally, a number of undisclosed issues have been fixed.

chromium was updated to version 39.0.2171.65 to fix 13 security issues.

These security issues were fixed :

  - Use-after-free in pepper plugins (CVE-2014-7906).

  - Buffer overflow in OpenJPEG before r2911 in PDFium, as     used in Google Chromebefore 39.0.2171.65, al...
    (CVE-2014-7903).

  - Uninitialized memory read in Skia (CVE-2014-7909).

  - Unspecified security issues (CVE-2014-7910).

  - Integer overflow in media (CVE-2014-7908).

  - Integer overflow in the opj_t2_read_packet_data function     infxcodec/fx_libopenjpeg/libopenjpeg20/t2....
    (CVE-2014-7901).

  - Use-after-free in blink (CVE-2014-7907).

  - Address bar spoofing (CVE-2014-7899).

  - Buffer overflow in Skia (CVE-2014-7904).

  - Use-after-free vulnerability in the CPDF_Parser     (CVE-2014-7900).

  - Use-after-free vulnerability in PDFium allows DoS     (CVE-2014-7902).

  - Flaw allowing navigation to intents that do not have the     BROWSABLE category (CVE-2014-7905).

  - Double-free in Flash (CVE-2014-0574).

The remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, CVE-2014-7908, CVE-2014-7909)

A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks.
(CVE-2014-7899)

All Chromium users should upgrade to these updated packages, which contain Chromium version 39.0.2171.65, which corrects these issues.
After installing the update, Chromium must be restarted for the changes to take effect.

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities :

  - A double-free vulnerability exists in the version of     Adobe Flash bundled with Chrome which could result in     arbitrary code execution. (CVE-2014-0574)

  - An unspecified address bar spoofing vulnerability     exists which could be used to aid in phishing attacks.
    (CVE-2014-7899)

  - Multiple use-after-free vulnerabilities exist in pdfium     which could result in arbitrary code execution.
    (CVE-2014-7900, CVE-2014-7902)

  - Integer overflow vulnerabilities exist in pdfium and     the media component which could result in arbitrary     code execution. (CVE-2014-7901, CVE-2014-7908)

  - Buffer overflow vulnerabilities exist in pdfium and     Skia which could result in arbitrary code execution.
    (CVE-2014-7903, CVE-2014-7904)

  - Use-after-free vulnerabilities exist in Pepper plugins     and Blink which could result in arbitrary code     execution. (CVE-2014-7906, CVE-2014-7907)

  - An unspecified uninitialized memory read exists.
    (CVE-2014-7909)

  - Multiple unspecified vulnerabilities exist.
    (CVE-2014-7910)

The version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities :

  - A double-free vulnerability exists in the version of     Adobe Flash bundled with Chrome which could result in     arbitrary code execution. (CVE-2014-0574)

  - An unspecified address bar spoofing vulnerability     exists which could be used to aid in phishing attacks.
    (CVE-2014-7899)

  - Multiple use-after-free vulnerabilities exist in pdfium     which could result in arbitrary code execution.
    (CVE-2014-7900, CVE-2014-7902)

  - Integer overflow vulnerabilities exist in pdfium and     the media component which could result in arbitrary     code execution. (CVE-2014-7901, CVE-2014-7908)

  - Buffer overflow vulnerabilities exist in pdfium and     Skia which could result in arbitrary code execution.
    (CVE-2014-7903, CVE-2014-7904)

  - Use-after-free vulnerabilities exist in Pepper plugins     and Blink which could result in arbitrary code     execution. (CVE-2014-7906, CVE-2014-7907)

  - An unspecified uninitialized memory read exists.
    (CVE-2014-7909)

  - Multiple unspecified vulnerabilities exist.
    (CVE-2014-7910)

Google Chrome Releases reports :

42 security fixes in this release, including :

- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.

- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.

- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.

- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.

- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.

- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.

- [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.

- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.
Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.

- [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.

- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.

- [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.

- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.
Credit to miaubiz.

- CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.

ID	Name	Product	Family	Severity
8580	Google Chrome < 39.0.2171.65 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
79997	openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)	Nessus	SuSE Local Security Checks	critical
79966	GLSA-201412-13 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
79426	RHEL 6 : chromium-browser (RHSA-2014:1894)	Nessus	Red Hat Local Security Checks	high
79337	Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
79336	Google Chrome < 39.0.2171.65 Multiple Vulnerabilities	Nessus	Windows	critical
79320	FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical

CVE-2014-7906

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

critical

high

critical

critical

critical