Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.8.0:
CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.

Other important changes include :

  - Based on Chromium 56.0.2924.122 with security fixes from     Chromium up to version 58.0.3029.96. (5.8.0 was based on     Chromium 53.0.2785.148 with security fixes from Chromium     up to version 55.0.2883.75.)

  - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled     by default on Linux, like it is in Chrome, due to poor     options for enabling it conditionally and its heavy     performance impact. Set the environment variable     `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it     again.

  - [QTBUG-56531] Enabled `filesystem:` protocol handler.

  - [QTBUG-57720] Optimized incremental scene-graph     rendering in particular for software rendering.

  - [QTBUG-60049] Enabled brotli support.

  - Many bug fixes, see     https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha     nges-5.9.0?h=5.9 for details.

In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201706-20 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass security restrictions or spoof content.
  Workaround :

    There is no known workaround at this time.

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

----

Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Google Chrome installed on the remote host is prior to 58.0.3029.96, and is affected by an unspecified race condition in 'modules/video_coding/frame_buffer2.cc' that is triggered during the handling of frame orders. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 58.0.3029.96.

Security Fix(es) :

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5068)

This update to Chromium 58.0.3029.96 fixes one security issue :

  - CVE-2017-5068: race condition in WebRTC (bsc#1037594)

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 58.0.3029.96. It is, therefore, affected by an unspecified race condition in the WebRTC component in frame_buffer2.cc that is triggered during the handling of frame orders. An unauthenticated, remote attacker can exploit this to have an unspecified impact.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 58.0.3029.96. It is, therefore, affected by an unspecified race condition in the WebRTC component in frame_buffer2.cc that is triggered during the handling of frame orders. An unauthenticated, remote attacker can exploit this to have an unspecified impact.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Google Chrome Releases reports :

1 security fix in this release :

- [679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke

ID	Name	Product	Family	Severity
101740	Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)	Nessus	Fedora Local Security Checks	critical
101668	Fedora 26 : 1:chromium-native_client / chromium (2017-811133dc2c)	Nessus	Fedora Local Security Checks	high
101504	Fedora 25 : qt5-qtwebengine (2017-58cde32413)	Nessus	Fedora Local Security Checks	critical
100946	GLSA-201706-20 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100606	Fedora 24 : 1:chromium-native_client / chromium (2017-7d698eba8b)	Nessus	Fedora Local Security Checks	critical
100336	Fedora 25 : 1:chromium-native_client / chromium (2017-dc7ce3b314)	Nessus	Fedora Local Security Checks	high
700098	Google Chrome < 58.0.3029.96 Unspecified Vunlerability	Nessus Network Monitor	Web Clients	medium
100144	RHEL 6 : chromium-browser (RHSA-2017:1228)	Nessus	Red Hat Local Security Checks	high
100019	openSUSE Security Update : Chromium (openSUSE-2017-541)	Nessus	SuSE Local Security Checks	high
99996	Google Chrome < 58.0.3029.96 WebRTC Frame Order Handling Race Condition (macOS)	Nessus	MacOS X Local Security Checks	high
99995	Google Chrome < 58.0.3029.96 WebRTC Frame Order Handling Race Condition	Nessus	Windows	high
99974	FreeBSD : chromium -- race condition vulnerability (92e345d0-304d-11e7-8359-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2017-5068

high

Tenable Plugins

critical

high

critical

high

critical

high

medium

high

high

high

high

high