http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

openSUSE-SU-2016:0249

openSUSE-SU-2016:0250

openSUSE-SU-2016:0271

RHSA-2016:0072

DSA-3456

81430

1034801

USN-2877-1

https://code.google.com/p/chromium/issues/detail?id=544691

https://codereview.chromium.org/1407393002/

GLSA-201603-09

The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

Chromium was updated to 48.0.2564.82 to fix security issues and bugs.

The following vulnerabilities were fixed :

  - CVE-2016-1612: Bad cast in V8 (boo#963184)

  - CVE-2016-1613: Use-after-free in PDFium (boo#963185)

  - CVE-2016-1614: Information leak in Blink (boo#963186)

  - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)

  - CVE-2016-1616: URL Spoofing (boo#963188)

  - CVE-2016-1617: History sniffing with HSTS and CSP     (boo#963189)

  - CVE-2016-1618: Weak random number generator in Blink     (boo#963190)

  - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)

  - CVE-2016-1620 chromium-browser: various fixes     (boo#963192)

This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension.

The version of Google Chrome on the remote host is prior to 48.0.2564.82 and is affected by the following vulnerabilities :

 - An unspecified vulnerability exists in Google V8 when handling compatible receiver checks hidden behind receptors.  An attacker can exploit this to have an unspecified impact.  No other details are available. (CVE-2016-1612)
 - A use-after-free error exists in 'PDFium' due to improper invalidation of 'IPWL_FocusHandler' and 'IPWL_Provider' upon destruction.  An attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-1613)
 - An unspecified vulnerability exists in 'Blink' that is related to the handling of bitmaps.  An attacker can exploit this to access sensitive information.  No other details are available. (CVE-2016-1614)
 - An unspecified vulnerability exists in 'omnibox' that is related to origin confusion.  An attacker can exploit this to have an unspecified impact.  No other details are available. (CVE-2016-1615)
 - An unspecified vulnerability exists that allows an attacker to spoof a displayed URL.  No other details are available. (CVE-2016-1616)
 - An unspecified vulnerability exists that is related to history sniffing with HSTS and CSP. No other details are available. (CVE-2016-1617)
 - A flaw exists in 'Blink' due to the weak generation of random numbers by the ARC4-based random number generator.  An attacker can exploit this to gain access to sensitive information.  No other details are available. (CVE-2016-1618)
 - An out-of-bounds read error exists in 'PDFium' in file 'fx_codec_jpx_opj.cpp' in the 'sycc4{22,44}_to_rgb()' functions. An attacker can exploit this to cause a denial of service by crashing the application linked using the library. (CVE-2016-1619)
 - Multiple vulnerabilities exist, the most serious of which allow an attacker to execute arbitrary code via a crafted web page. (CVE-2016-1620)
 - A flaw in 'objects.cc' is triggered when handling cleared 'WeakCells', which may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-2051)

A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process.
(CVE-2016-1612)

An issue was discovered when initializing the UnacceleratedImageBufferSurface class in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information.
(CVE-2016-1614)

An issue was discovered with the CSP implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to determine whether specific HSTS sites had been visited by reading a CSP report. (CVE-2016-1617)

An issue was discovered with random number generator in Blink. An attacker could potentially exploit this to defeat cryptographic protection mechanisms. (CVE-2016-1618)

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1620)

Multiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2051)

Multiple security issues were discovered in Harfbuzz. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2016-2052).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052)

All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.82, which corrects these issues.
After installing the update, Chromium must be restarted for the changes to take effect.

Several vulnerabilities were discovered in the chromium web browser.

  - CVE-2015-6792     An issue was found in the handling of MIDI files.

  - CVE-2016-1612     cloudfuzzer discovered a logic error related to receiver     compatibility in the v8 JavaScript library.

  - CVE-2016-1613     A use-after-free issue was discovered in the pdfium     library.

  - CVE-2016-1614     Christoph Diehl discovered an information leak in     Webkit/Blink.

  - CVE-2016-1615     Ron Masas discovered a way to spoof URLs.

  - CVE-2016-1616     Luan Herrera discovered a way to spoof URLs.

  - CVE-2016-1617     jenuis discovered a way to discover whether an HSTS     website had been visited.

  - CVE-2016-1618     Aaron Toponce discovered the use of weak random number     generator.

  - CVE-2016-1619     Keve Nagy discovered an out-of-bounds-read issue in the     pdfium library.

  - CVE-2016-1620     The chrome 48 development team found and fixed various     issues during internal auditing. Also multiple issues     were fixed in the v8 JavaScript library, version     4.7.271.17.

The version of Google Chrome installed on the remote Mac OS X host is prior to 48.0.2564.82. It is, therefore, affected by multiple vulnerabilities :

  - A unspecified vulnerability exists in Google V8 when     handling compatible receiver checks hidden behind     receptors. An attacker can exploit this to have an     unspecified impact. No other details are available.
    (CVE-2016-1612)

  - A user-after-free error exists in PDFium due to improper     invalidation of IPWL_FocusHandler and IPWL_Provider upon     destruction. An attacker can exploit this to deference     already freed memory, resulting in the execution of     arbitrary code. (CVE-2016-1613)

  - An unspecified vulnerability exists in Blink that is     related to the handling of bitmaps. An attacker can     exploit this to access sensitive information. No other     details are available. (CVE-2016-1614)

  - An unspecified vulnerability exists in omnibox that is     related to origin confusion. An attacker can exploit     this to have an unspecified impact. No other details are     available. (CVE-2016-1615)

  - An unspecified vulnerability exists that allows an     attacker to spoof a displayed URL. No other details are     available. (CVE-2016-1616)

  - An unspecified vulnerability exists that is related to     history sniffing with HSTS and CSP. No other details     are available. (CVE-2016-1617)

  - A flaw exists in Blink due to the weak generation of     random numbers by the ARC4-based random number     generator. An attacker can exploit this to gain     access to sensitive information. No other details are     available. (CVE-2016-1618)

  - A out-of-bounds read error exists in PDFium in file     fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb()     functions. An attacker can exploit this to cause a     denial of service by crashing the application linked     using the library. (CVE-2016-1619)

  - Multiple vulnerabilities exist, the most serious of     which allow an attacker to execute arbitrary code via a     crafted web page. (CVE-2016-1620)

The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.82. It is, therefore, affected by multiple vulnerabilities :

  - A unspecified vulnerability exists in Google V8 when     handling compatible receiver checks hidden behind     receptors. An attacker can exploit this to have an     unspecified impact. No other details are available.
    (CVE-2016-1612)

  - A user-after-free error exists in PDFium due to improper     invalidation of IPWL_FocusHandler and IPWL_Provider upon     destruction. An attacker can exploit this to deference     already freed memory, resulting in the execution of     arbitrary code. (CVE-2016-1613)

  - An unspecified vulnerability exists in Blink that is     related to the handling of bitmaps. An attacker can     exploit this to access sensitive information. No other     details are available. (CVE-2016-1614)

  - An unspecified vulnerability exists in omnibox that is     related to origin confusion. An attacker can exploit     this to have an unspecified impact. No other details are     available. (CVE-2016-1615)

  - An unspecified vulnerability exists that allows an     attacker to spoof a displayed URL. No other details are     available. (CVE-2016-1616)

  - An unspecified vulnerability exists that is related to     history sniffing with HSTS and CSP. No other details     are available. (CVE-2016-1617)

  - A flaw exists in Blink due to the weak generation of     random numbers by the ARC4-based random number     generator. An attacker can exploit this to gain     access to sensitive information. No other details are     available. (CVE-2016-1618)

  - A out-of-bounds read error exists in PDFium in file     fx_codec_jpx_opj.cpp in the sycc4{22,44}_to_rgb()     functions. An attacker can exploit this to cause a     denial of service by crashing the application linked     using the library. (CVE-2016-1619)

  - Multiple vulnerabilities exist, the most serious of     which allow an attacker to execute arbitrary code via a     crafted web page. (CVE-2016-1620)

Google Chrome Releases reports :

This update includes 37 security fixes, including :

- [497632] High CVE-2016-1612: Bad cast in V8.

- [572871] High CVE-2016-1613: Use-after-free in PDFium.

- [544691] Medium CVE-2016-1614: Information leak in Blink.

- [468179] Medium CVE-2016-1615: Origin confusion in Omnibox.

- [541415] Medium CVE-2016-1616: URL Spoofing.

- [544765] Medium CVE-2016-1617: History sniffing with HSTS and CSP.

- [552749] Medium CVE-2016-1618: Weak random number generator in Blink.

- [557223] Medium CVE-2016-1619: Out-of-bounds read in PDFium.

- [579625] CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch.

ID	Name	Product	Family	Severity
89902	GLSA-201603-09 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
88539	openSUSE Security Update : Chromium (openSUSE-2016-109)	Nessus	SuSE Local Security Checks	high
9062	Google Chrome < 48.0.2564.82 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
88455	Ubuntu 14.04 LTS / 15.04 / 15.10 : oxide-qt vulnerabilities (USN-2877-1)	Nessus	Ubuntu Local Security Checks	high
88447	RHEL 6 : chromium-browser (RHSA-2016:0072)	Nessus	Red Hat Local Security Checks	high
88425	Debian DSA-3456-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	critical
88402	openSUSE Security Update : Chromium (openSUSE-2016-99)	Nessus	SuSE Local Security Checks	high
88089	Google Chrome < 48.0.2564.82 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
88088	Google Chrome < 48.0.2564.82 Multiple Vulnerabilities	Nessus	Windows	high
88067	FreeBSD : chromium -- multiple vulnerabilities (371bbea9-3836-4832-9e70-e8e928727f8c)	Nessus	FreeBSD Local Security Checks	high

CVE-2016-1614

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins