pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed.

The remote host is affected by the vulnerability described in GLSA-201710-26 (OpenJPEG: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenJPEG. Please review       the references below for details.
  Impact :

    A remote attacker, via a crafted BMP, PDF, or j2k document, could       execute arbitrary code, cause a Denial of Service condition, or have       other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-201603-09 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, or bypass security restrictions.
  Workaround :

    There is no known workaround at this time.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2016-1622     It was discovered that a maliciously crafted extension     could bypass the Same Origin Policy.

  - CVE-2016-1623     Mariusz Mlynski discovered a way to bypass the Same     Origin Policy.

  - CVE-2016-1624     lukezli discovered a buffer overflow issue in the Brotli     library.

  - CVE-2016-1625     Jann Horn discovered a way to cause the Chrome Instant     feature to navigate to unintended destinations.

  - CVE-2016-1626     An out-of-bounds read issue was discovered in the     openjpeg library.

  - CVE-2016-1627     It was discovered that the Developer Tools did not     validate URLs.

  - CVE-2016-1628     An out-of-bounds read issue was discovered in the pdfium     library.

  - CVE-2016-1629     A way to bypass the Same Origin Policy was discovered in     Blink/WebKit, along with a way to escape the chromium     sandbox.

Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627)

All Chromium users should upgrade to these updated packages, which contain Chromium version 48.0.2564.109, which corrects these issues.
After installing the update, Chromium must be restarted for the changes to take effect.

The version of Google Chrome installed on the remote macOS host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_02_stable-channel-update_9 advisory.

  - The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL     schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com     URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to     browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. (CVE-2016-1627)

  - pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain     precision value, which allows remote attackers to execute arbitrary code or cause a denial of service     (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl,     opj_pi_next_pcrl, and opj_pi_next_cprl functions. (CVE-2016-1628)

  - The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the     Object.defineProperty method to override intended extension behavior, which allows remote attackers to     bypass the Same Origin Policy via crafted JavaScript code. (CVE-2016-1622)

  - The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach     operations from occurring during or after frame-detach operations, which allows remote attackers to bypass     the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h,     LocalFrame.cpp, and WebLocalFrameImpl.cpp. (CVE-2016-1623)

  - Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google     Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or     possibly have unspecified other impact via crafted data with brotli compression. (CVE-2016-1624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 2016_02_stable-channel-update_9 advisory.

  - The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL     schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com     URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to     browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. (CVE-2016-1627)

  - pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain     precision value, which allows remote attackers to execute arbitrary code or cause a denial of service     (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl,     opj_pi_next_pcrl, and opj_pi_next_cprl functions. (CVE-2016-1628)

  - The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the     Object.defineProperty method to override intended extension behavior, which allows remote attackers to     bypass the Same Origin Policy via crafted JavaScript code. (CVE-2016-1622)

  - The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach     operations from occurring during or after frame-detach operations, which allows remote attackers to bypass     the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h,     LocalFrame.cpp, and WebLocalFrameImpl.cpp. (CVE-2016-1623)

  - Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google     Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or     possibly have unspecified other impact via crafted data with brotli compression. (CVE-2016-1624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
104339	Debian DSA-4013-1 : openjpeg2 - security update	Nessus	Debian Local Security Checks	high
104069	GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
89902	GLSA-201603-09 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
88869	Debian DSA-3486-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	critical
88794	RHEL 6 : chromium-browser (RHSA-2016:0241)	Nessus	Red Hat Local Security Checks	high
88682	Google Chrome < 48.0.2564.109 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
88681	Google Chrome < 48.0.2564.109 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2016-1628

medium

Tenable Plugins

high

high

critical

critical

high

high

high