101482

RHSA-2017:2997

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

https://crbug.com/745580

GLSA-201710-24

DSA-4020

Security fix for CVE-2017-15398, CVE-2017-15399

----

Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of QtWebEngine to the security and bugfix release 5.9.3, including :

  - Security fixes from Chromium up to version 62.0.3202.89.
    Including: CVE-2017-5124, CVE-2017-5126, CVE-2017-5127,     CVE-2017-5128, CVE-2017-5129, CVE-2017-5132,     CVE-2017-5133, CVE-2017-15386, CVE-2017-15387,     CVE-2017-15388, CVE-2017-15390, CVE-2017-15392,     CVE-2017-15394, CVE-2017-15396, CVE-2017-15398.

  - QtWebEngineCore: [QTBUG-64032] Fix crash after resizing     view to be empty.

  - QtWebEngine[QML]: Fix loading some favicons including     qt.io's

  - QtWebEngineWidgets: [QTBUG-62147] Fix crash on shutdown     if a QWebEngineProfile was child of QApplication.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429

----

Security fix for CVE-2017-15398, CVE-2017-15399

----

Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the chromium web browser.

In addition, this message serves as an annoucment that security support for chromium in the oldstable release (jessie), Debian 8, is now discontinued.

Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release (stretch), Debian 9.

An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time.

  - CVE-2017-5124     A cross-site scripting issue was discovered in MHTML.

  - CVE-2017-5125     A heap overflow issue was discovered in the skia     library.

  - CVE-2017-5126     Luat Nguyen discovered a use-after-free issue in the     pdfium library.

  - CVE-2017-5127     Luat Nguyen discovered another use-after-free issue in     the pdfium library.

  - CVE-2017-5128     Omair discovered a heap overflow issue in the WebGL     implementation.

  - CVE-2017-5129     Omair discovered a use-after-free issue in the WebAudio     implementation.

  - CVE-2017-5131     An out-of-bounds write issue was discovered in the skia     library.

  - CVE-2017-5132     Guarav Dewan discovered an error in the WebAssembly     implementation.

  - CVE-2017-5133     Aleksandar Nikolic discovered an out-of-bounds write     issue in the skia library.

  - CVE-2017-15386     WenXu Wu discovered a user interface spoofing issue.

  - CVE-2017-15387     Jun Kokatsu discovered a way to bypass the content     security policy.

  - CVE-2017-15388     Kushal Arvind Shah discovered an out-of-bounds read     issue in the skia library.

  - CVE-2017-15389     xisigr discovered a URL spoofing issue.

  - CVE-2017-15390     Haosheng Wang discovered a URL spoofing issue.

  - CVE-2017-15391     Joao Lucas Melo Brasio discovered a way for an extension     to bypass its limitations.

  - CVE-2017-15392     Xiaoyin Liu discovered an error the implementation of     registry keys.

  - CVE-2017-15393     Svyat Mitin discovered an issue in the devtools.

  - CVE-2017-15394     Sam discovered a URL spoofing issue.

  - CVE-2017-15395     Johannes Bergman discovered a NULL pointer dereference     issue.

  - CVE-2017-15396     Yuan Deng discovered a stack overflow issue in the v8     JavaScript library.

This update to Chromium 62.0.3202.75 fixes the following security issues :

  - CVE-2017-5124: UXSS with MHTML

  - CVE-2017-5125: Heap overflow in Skia

  - CVE-2017-5126: Use after free in PDFium 

  - CVE-2017-5127: Use after free in PDFium

  - CVE-2017-5128: Heap overflow in WebGL

  - CVE-2017-5129: Use after free in WebAudio 

  - CVE-2017-5132: Incorrect stack manipulation in     WebAssembly.

  - CVE-2017-5130: Heap overflow in libxml2

  - CVE-2017-5131: Out of bounds write in Skia 

  - CVE-2017-5133: Out of bounds write in Skia 

  - CVE-2017-15386: UI spoofing in Blink

  - CVE-2017-15387: Content security bypass

  - CVE-2017-15388: Out of bounds read in Skia

  - CVE-2017-15389: URL spoofing in OmniBox

  - CVE-2017-15390: URL spoofing in OmniBox 

  - CVE-2017-15391: Extension limitation bypass in     Extensions.

  - CVE-2017-15392: Incorrect registry key handling in     PlatformIntegration

  - CVE-2017-15393: Referrer leak in Devtools

  - CVE-2017-15394: URL spoofing in extensions UI

  - CVE-2017-15395: NULL pointer dereference in ImageCapture

  - CVE-2017-15396: Stack overflow in V8

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 62.0.3202.62.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5132, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395)

The remote host is affected by the vulnerability described in GLSA-201710-24 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers and Google Chrome       Releases for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, bypass       content security controls, or conduct URL spoofing.
  Workaround :

    There is no known workaround at this time.

Google Chrome Releases reports :

35 security fixes in this release, including :

- [762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07

- [749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26

- [760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-08-30

- [765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-09-14

- [765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14

- [765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15

- [718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd.
on 2017-05-05

- [722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde on 2017-05-14

- [744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16

- [762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05

- [752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03

- [756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu on 2017-08-16

- [756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17

- [739621] Medium CVE-2017-15389: URL spoofing in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06

- [750239] Medium CVE-2017-15390: URL spoofing in Omnibox. Reported by Haosheng Wang on 2017-07-28

- [598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by Joao Lucas Melo Brasio on 2016-03-28

- [714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu on 2017-04-22

- [732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13

- [745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam on 2017-07-18

- [759457] Low CVE-2017-15395: NULL pointer dereference in ImageCapture. Reported by Johannes Bergman on 2017-08-28

- [775550] Various fixes from internal audits, fuzzing and other initiatives

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 62.0.32. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes for October 17th 2017. Please refer to the release notes for additional information.

The version of Google Chrome installed on the remote Windows host is prior to 62.0.3202.62. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes.
Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
106002	Fedora 27 : chromium (2017-f2f3fa09e3)	Nessus	Fedora Local Security Checks	high
105822	Fedora 27 : qt5-qtwebengine (2017-15b815b9b7)	Nessus	Fedora Local Security Checks	high
105501	Fedora 26 : chromium (2017-ea44f172e3)	Nessus	Fedora Local Security Checks	high
105012	Fedora 25 : qt5-qtwebengine (2017-9015553e3d)	Nessus	Fedora Local Security Checks	high
105010	Fedora 26 : qt5-qtwebengine (2017-4d90e9fc97)	Nessus	Fedora Local Security Checks	high
104414	Debian DSA-4020-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	medium
104244	openSUSE Security Update : chromium (openSUSE-2017-1221)	Nessus	SuSE Local Security Checks	medium
104091	RHEL 6 : chromium-browser (RHSA-2017:2997)	Nessus	Red Hat Local Security Checks	medium
104067	GLSA-201710-24 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
104063	FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium
103934	Google Chrome < 62.0.3202.62 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
103933	Google Chrome < 62.0.3202.62 Multiple Vulnerabilities	Nessus	Windows	medium

CVE-2017-15394

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins