http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html

openSUSE-SU-2015:2290

openSUSE-SU-2015:2291

RHSA-2015:2618

DSA-3418

78734

USN-2860-1

https://code.google.com/p/chromium/issues/detail?id=542054

https://codereview.chromium.org/1398453005

GLSA-201603-09

The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6789)

An issue was discovered with the page serializer in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML.
(CVE-2015-6790)

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6791)

Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-8548)

An integer overflow was discovered in the WebCursor::Deserialize function in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-8664).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Chromium was updated to 47.0.2526.80 to fix security issues and bugs.

The following vulnerabilities were fixed :

  - CVE-2015-6788: Type confusion in extensions

  - CVE-2015-6789: Use-after-free in Blink

  - CVE-2015-6790: Escaping issue in saved pages

  - CVE-2015-6791: Various fixes from internal audits,     fuzzing and other initiatives

The following vulnerabilities were fixed in 47.0.2526.73 :

  - CVE-2015-6765: Use-after-free in AppCache

  - CVE-2015-6766: Use-after-free in AppCache

  - CVE-2015-6767: Use-after-free in AppCache

  - CVE-2015-6768: Cross-origin bypass in DOM

  - CVE-2015-6769: Cross-origin bypass in core

  - CVE-2015-6770: Cross-origin bypass in DOM

  - CVE-2015-6771: Out of bounds access in v8

  - CVE-2015-6772: Cross-origin bypass in DOM

  - CVE-2015-6764: Out of bounds access in v8

  - CVE-2015-6773: Out of bounds access in Skia

  - CVE-2015-6774: Use-after-free in Extensions

  - CVE-2015-6775: Type confusion in PDFium

  - CVE-2015-6776: Out of bounds access in PDFium

  - CVE-2015-6777: Use-after-free in DOM

  - CVE-2015-6778: Out of bounds access in PDFium

  - CVE-2015-6779: Scheme bypass in PDFium

  - CVE-2015-6780: Use-after-free in Infobars

  - CVE-2015-6781: Integer overflow in Sfntly

  - CVE-2015-6782: Content spoofing in Omnibox

  - CVE-2015-6783: Signature validation issue in Android     Crazy Linker.

  - CVE-2015-6784: Escaping issue in saved pages

  - CVE-2015-6785: Wildcard matching issue in CSP

  - CVE-2015-6786: Scheme bypass in CSP

  - CVE-2015-6787: Various fixes from internal audits,     fuzzing and other initiatives.

  - Multiple vulnerabilities in V8 fixed at the tip of the     4.7 branch (currently 4.7.80.23)

The version of Google Chrome installed on the remote host is prior to 47.0.2526.80 and is affected by multiple vulnerabilities :

 - A type confusion error exists related to extensions that allows an attacker to have an unspecified impact. (CVE-2015-6788)
 - A use-after-free error exists in Blink that is triggered when handling updates. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-6789)
 - An unspecified escaping issue exists in saved pages. (CVE-2015-6790)
 - Multiple unspecified vulnerabilities exist that an attacker can exploit to have an unspecified impact. (CVE-2015-6791)
 - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-8438, CVE-2015-8446)
 - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455)
 - Multiple security bypass vulnerabilities exist that allow an attacker to write arbitrary data to the file system under user permissions. (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409)
 - A stack buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8407, CVE-2015-8457)
 - A type confusion error exists that allows an attacker to execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)
 - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8445)
 - A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8415)
 - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454)
 - A flaw exists in Google V8 in serialize.cc that is triggered when handling alignment for deferred objects. An attacker can exploit this to have an unspecified impact. (CVE-2015-8548)
 This version of Chrome is also affect by the following Flash Player vulnerabilities :
 - Adobe Flash Player MP4 File Handling Out-of-bounds Access Arbitrary Code Execution. (CVE-2015-8652, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8820)
 - Adobe Flash Player MP4 File Handling Use-after-free Arbitrary Code Execution. (CVE-2015-8653)
 - Adobe Flash Player MP4 File Handling Uninitialized Pointer Deferefence Arbitrary Code Execution. (CVE-2015-8658)
 - Adobe Flash Player MP4 File Handling Use-after-free Arbitrary Code Execution. (CVE-2015-8821, CVE-2015-8822)

Google Chrome Releases reports :

7 security fixes in this release, including :

- [548273] High CVE-2015-6788: Type confusion in extensions. Credit to anonymous.

- [557981] High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.

- [542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire.

- [567513] CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2015-6788     A type confusion issue was discovered in the handling of     extensions.

  - CVE-2015-6789     cloudfuzzer discovered a use-after-free issue.

  - CVE-2015-6790     Inti De Ceukelaire discovered a way to inject HTML into     serialized web pages.

  - CVE-2015-6791     The chrome 47 development team found and fixed various     issues during internal auditing. Also multiple issues     were fixed in the v8 JavaScript library, version     4.7.80.23.

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2015-6788, CVE-2015-6789, CVE-2015-6790, CVE-2015-6791)

All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.80, which corrects these issues.
After installing the update, Chromium must be restarted for the changes to take effect.

The version of Google Chrome installed on the remote Mac OS X host is prior to 47.0.2526.80. It is, therefore, affected by multiple vulnerabilities :

  - A type confusion error exists related to extensions that     allows an attacker to have an unspecified impact.
    (CVE-2015-6788)

  - A use-after-free error exists in Blink that is triggered     when handling updates. An unauthenticated, remote     attacker can exploit this to dereference already freed     memory, resulting in the execution of arbitrary code.
    (CVE-2015-6789)

  - An unspecified escaping issue exists in saved pages.
    (CVE-2015-6790)

  - Multiple unspecified vulnerabilities exist that an     attacker can exploit to have an unspecified impact.
    (CVE-2015-6791)

  - Multiple heap buffer overflow conditions exist that     allow an attacker to execute arbitrary code.
    (CVE-2015-8438, CVE-2015-8446)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2015-8045,     CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,     CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,     CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,     CVE-2015-8451, CVE-2015-8455)

  - Multiple security bypass vulnerabilities exist that     allow an attacker to write arbitrary data to the file     system under user permissions. (CVE-2015-8453,     CVE-2015-8440,  CVE-2015-8409)

  - A stack buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8407,     CVE-2015-8457)

  - A type confusion error exists that allows an attacker to     execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)

  - An integer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8445)

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8415)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2015-8048,     CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,     CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,     CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,     CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,     CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,     CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,     CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,     CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,     CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,     CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,     CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,     CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,     CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,     CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,     CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,     CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,     CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,     CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,     CVE-2015-8454)

  - A flaw exists in Google V8 in serialize.cc that is     triggered when handling alignment for deferred objects.
    An attacker can exploit this to have an unspecified     impact. (CVE-2015-8548)

The version of Google Chrome installed on the remote Windows host is prior to 47.0.2526.80. It is, therefore, affected by multiple vulnerabilities :

  - A type confusion error exists related to extensions that     allows an attacker to have an unspecified impact.
    (CVE-2015-6788)

  - A use-after-free error exists in Blink that is triggered     when handling updates. An unauthenticated, remote     attacker can exploit this to dereference already freed     memory, resulting in the execution of arbitrary code.
    (CVE-2015-6789)

  - An unspecified escaping issue exists in saved pages.
    (CVE-2015-6790)

  - Multiple unspecified vulnerabilities exist that an     attacker can exploit to have an unspecified impact.
    (CVE-2015-6791)

  - Multiple heap buffer overflow conditions exist that     allow an attacker to execute arbitrary code.
    (CVE-2015-8438, CVE-2015-8446)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2015-8045,     CVE-2015-8047, CVE-2015-8060, CVE-2015-8408,     CVE-2015-8416, CVE-2015-8417, CVE-2015-8418,     CVE-2015-8419, CVE-2015-8443, CVE-2015-8444,     CVE-2015-8451, CVE-2015-8455)

  - Multiple security bypass vulnerabilities exist that     allow an attacker to write arbitrary data to the file     system under user permissions. (CVE-2015-8453,     CVE-2015-8440,  CVE-2015-8409)

  - A stack buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8407,     CVE-2015-8457)

  - A type confusion error exists that allows an attacker to     execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)

  - An integer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8445)

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-8415)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2015-8048,     CVE-2015-8049, CVE-2015-8050, CVE-2015-8055,     CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,     CVE-2015-8059, CVE-2015-8061, CVE-2015-8062,     CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,     CVE-2015-8066, CVE-2015-8067, CVE-2015-8068,     CVE-2015-8069, CVE-2015-8070, CVE-2015-8071,     CVE-2015-8401, CVE-2015-8402, CVE-2015-8403,     CVE-2015-8404, CVE-2015-8405, CVE-2015-8406,     CVE-2015-8410, CVE-2015-8411, CVE-2015-8412,     CVE-2015-8413, CVE-2015-8414, CVE-2015-8420,     CVE-2015-8421, CVE-2015-8422, CVE-2015-8423,     CVE-2015-8424, CVE-2015-8425, CVE-2015-8426,     CVE-2015-8427, CVE-2015-8428, CVE-2015-8429,     CVE-2015-8430, CVE-2015-8431, CVE-2015-8432,     CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,     CVE-2015-8436, CVE-2015-8437, CVE-2015-8441,     CVE-2015-8442, CVE-2015-8447, CVE-2015-8448,     CVE-2015-8449, CVE-2015-8450, CVE-2015-8452,     CVE-2015-8454)

  - A flaw exists in Google V8 in serialize.cc that is     triggered when handling alignment for deferred objects.
    An attacker can exploit this to have an unspecified     impact. (CVE-2015-8548)

ID	Name	Product	Family	Severity
89902	GLSA-201603-09 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
87868	Ubuntu 14.04 LTS / 15.04 / 15.10 : oxide-qt vulnerabilities (USN-2860-1)	Nessus	Ubuntu Local Security Checks	critical
87488	openSUSE Security Update : Chromium (openSUSE-2015-912)	Nessus	SuSE Local Security Checks	critical
9034	Google Chrome < 47.0.2526.80 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
87362	FreeBSD : chromium -- multiple vulnerabilities (72c145df-a1e0-11e5-8ad0-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	critical
87360	Debian DSA-3418-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	critical
87336	RHEL 6 : chromium-browser (RHSA-2015:2618)	Nessus	Red Hat Local Security Checks	critical
87248	Google Chrome < 47.0.2526.80 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
87245	Google Chrome < 47.0.2526.80 Multiple Vulnerabilities	Nessus	Windows	critical

CVE-2015-6790

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins