http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html

openSUSE-SU-2016:0491

openSUSE-SU-2016:0518

RHSA-2016:0241

DSA-3486

83125

1035183

USN-2895-1

https://code.google.com/p/chromium/issues/detail?id=577105

https://codereview.chromium.org/1659013003

GLSA-201603-09

The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

This update to Chromium 48.0.2564.109 fixes the following issues :

Security fixes (boo#965999) :

  - CVE-2016-1622: Same-origin bypass in Extensions

  - CVE-2016-1623: Same-origin bypass in DOM

  - CVE-2016-1624: Buffer overflow in Brotli

  - CVE-2016-1625: Navigation bypass in Chrome Instant

  - CVE-2016-1626: Out-of-bounds read in PDFium

  - CVE-2016-1627: Various fixes from internal audits,     fuzzing and other initiatives

Non-security bug fixes :

  - boo#965738: resolve issues with specific banking     websites when built against system libraries

  - boo#966082: chromium: sandbox related stacktrace printed

  - boo#965566: Drop libva support

  - Prevent graphical issues related to libjpeg

  - On KDE 5 kwallet5 is the default password store now

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2016-1622     It was discovered that a maliciously crafted extension     could bypass the Same Origin Policy.

  - CVE-2016-1623     Mariusz Mlynski discovered a way to bypass the Same     Origin Policy.

  - CVE-2016-1624     lukezli discovered a buffer overflow issue in the Brotli     library.

  - CVE-2016-1625     Jann Horn discovered a way to cause the Chrome Instant     feature to navigate to unintended destinations.

  - CVE-2016-1626     An out-of-bounds read issue was discovered in the     openjpeg library.

  - CVE-2016-1627     It was discovered that the Developer Tools did not     validate URLs.

  - CVE-2016-1628     An out-of-bounds read issue was discovered in the pdfium     library.

  - CVE-2016-1629     A way to bypass the Same Origin Policy was discovered in     Blink/WebKit, along with a way to escape the chromium     sandbox.

The version of Google Chrome on the remote host is prior to 48.0.2564.109 and is affected by the following vulnerabilities :

  - An unspecified flaw exists in the extensions component which may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1622)
  - A flaw exists in 'loader/FrameLoader.cpp' that is triggered when handling attachment of child frames during frame detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1623)
  - A flaw exists in a pointer underflow condition in the 'ProcessCommandsInternal()' function in 'dec/decode.c' that is triggered when decoding literals. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1624)
  - A flaw exists in the 'SearchTabHelper::NavigateToURL()' function in 'ui/search/search_tab_helper.cc'. The issue is triggered as navigation is permitted to privileged URLs that should not be considered valid navigation targets. This may allow a context-dependent attacker to bypass intended navigation restrictions. (CVE-2016-1625)
  - An out-of-bounds read flaw exists in the 'opj_pi_update_decode_poc()' function in 'lib/openjp2/pi.c'. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1626)
  - An unspecified flaw exists that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1627)

The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1623)

An integer underflow was discovered in Brotli. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1624).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627)

All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.109, which corrects these issues.
After installing the update, Chromium must be restarted for the changes to take effect.

The version of Google Chrome installed on the remote Mac OS X host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Extensions component     that allows an attacker to bypass the same-origin     policy. No other details are available from the vendor.
    (CVE-2016-1622)

  - An unspecified flaw exists in the DOM component that     allows an attacker to bypass the same-origin policy. No     other details are available from the vendor.
    (CVE-2016-1623)

  - An overflow condition condition exists in the Brotli     component due to improper validation of user-supplied     input. An attacker can exploit this to execute arbitrary     code. (CVE-2016-1624)

  - An unspecified flaw exists in the Chrome Instant     component that allows an attacker to bypass navigation.
    No other details are available from the vendor.
    (CVE-2016-1625)

  - An out-of-bounds read error exists in Google PDFium that     allows an attacker to crash a process linked against the     library or to disclose memory contents. (CVE-2016-1626)

  - Multiple flaws exist that allow an attacker to have an     unspecified impact. No other details are available from     the vendor. (CVE-2016-1627)

The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Extensions component     that allows an attacker to bypass the same-origin     policy. No other details are available from the vendor.
    (CVE-2016-1622)

  - An unspecified flaw exists in the DOM component that     allows an attacker to bypass the same-origin policy. No     other details are available from the vendor.
    (CVE-2016-1623)

  - An overflow condition condition exists in the Brotli     component due to improper validation of user-supplied     input. An attacker can exploit this to execute arbitrary     code. (CVE-2016-1624)

  - An unspecified flaw exists in the Chrome Instant     component that allows an attacker to bypass navigation.
    No other details are available from the vendor.
    (CVE-2016-1625)

  - An out-of-bounds read error exists in Google PDFium that     allows an attacker to crash a process linked against the     library or to disclose memory contents. (CVE-2016-1626)

  - Multiple flaws exist that allow an attacker to have an     unspecified impact. No other details are available from     the vendor. (CVE-2016-1627)

Google Chrome Releases reports :

6 security fixes in this release, including :

- [546677] High CVE-2016-1622: Same-origin bypass in Extensions.
Credit to anonymous.

- [577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.

- [509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant.
Credit to Jann Horn.

- [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.

- [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.

ID	Name	Product	Family	Severity
89902	GLSA-201603-09 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
88879	openSUSE Security Update : Chromium (openSUSE-2016-238)	Nessus	SuSE Local Security Checks	high
88869	Debian DSA-3486-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	critical
9083	Google Chrome < 48.0.2564.109 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
88861	Ubuntu 14.04 LTS / 15.10 : oxide-qt vulnerabilities (USN-2895-1)	Nessus	Ubuntu Local Security Checks	high
88826	openSUSE Security Update : Chromium (openSUSE-2016-221)	Nessus	SuSE Local Security Checks	high
88794	RHEL 6 : chromium-browser (RHSA-2016:0241)	Nessus	Red Hat Local Security Checks	high
88682	Google Chrome < 48.0.2564.109 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
88681	Google Chrome < 48.0.2564.109 Multiple Vulnerabilities	Nessus	Windows	high
88667	FreeBSD : chromium -- multiple vulnerabilities (36034227-cf81-11e5-9c2b-00262d5ed8ee)	Nessus	FreeBSD Local Security Checks	high

CVE-2016-1623

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

critical

high

critical

high

high

high

high

high

high

high