DSA-3926

99950

RHSA-2017:1833

https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

https://crbug.com/732661

GLSA-201709-15

An update of QtWebEngine to the security and bugfix release 5.9.2, including :

Chromium Snapshot :

  - Security fixes from Chromium up to version 61.0.3163.79     Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095,     CVE-2017-5097, CVE-2017-5099, CVE-2017-5102,     CVE-2017-5103, CVE-2017-5107, CVE-2017-5112,     CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118

  - Fixed Skia to to render text correctly with FreeType     2.8.1

  - [QTBUG-50389] Fixed assert on some flash content

QtWebEngine :

  - [QTBUG-57505] Handle --force-webrtc-ip-handling-policy     on command-line

  - [QTBUG-58306] Fixed handling of menu key

  - [QTBUG-60790] Fixed dragging images to desktop

  - [QTBUG-61354] Set referrer on download requests

  - [QTBUG-61429] Fixed cancelling IME composition

  - [QTBUG-61506] Stop searching when navigating away

  - [QTBUG-61910] Fixed an issue where system proxy settings     were not picked up correctly

  - [QTBUG-62112] Fixed upside-down rendering in software     rendering mode

  - [QTBUG-62112] Fixed rendering of content with     preserve-3d in CSS

  - [QTBUG-62311] Fixed hang when exiting with open combobox

  - [QTBUG-62808] Handle --explicitly-allowed-ports on     command-line

  - [QTBUG-62898] Fixed accessing webchannels from     document-creation user-scripts after navigation.

  - [QTBUG-62942] Fixed committing IME composition on touch     events

QWebEngineView :

  - [QTBUG-61621] Fixed propagation of unhandled key press     events

WebEngineView :

  - The callback version of printToPdf is now called with a     proper bytearray result instead of a PDF data in a     JavaScript string.

Platform Specific Changes :

  - [QTBUG-61528, QTBUG-62673] Fixed various multilib build     configurations

  - [QTBUG-61846] Fixed host builds on Arm and MIPS

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201709-15 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the referenced CVE identifiers for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass security restrictions, or spoof content.
  Workaround :

    There is no known workaround at this time.

Update to 60.0.3112.113. Added support for aarch64 (except on EPEL7).

----

Update to 60.0.3112.101. Apply upstream fix for cameras reporting 0x0 resolution formats.

----

Chromium 60. Security fix for CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-7000, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110.

New subpackage -headless.

----

Update to 59.0.3071.115

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Chromium 60. Security fix for CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-7000, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110.

New subpackage -headless.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2017-5087     Ned Williamson discovered a way to escape the sandbox.

  - CVE-2017-5088     Xiling Gong discovered an out-of-bounds read issue in     the v8 JavaScript library.

  - CVE-2017-5089     Michal Bentkowski discovered a spoofing issue.

  - CVE-2017-5091     Ned Williamson discovered a use-after-free issue in     IndexedDB.

  - CVE-2017-5092     Yu Zhou discovered a use-after-free issue in PPAPI.

  - CVE-2017-5093     Luan Herrera discovered a user interface spoofing issue.

  - CVE-2017-5094     A type confusion issue was discovered in extensions.

  - CVE-2017-5095     An out-of-bounds write issue was discovered in the     pdfium library.

  - CVE-2017-5097     An out-of-bounds read issue was discovered in the skia     library.

  - CVE-2017-5098     Jihoon Kim discovered a use-after-free issue in the v8     JavaScript library.

  - CVE-2017-5099     Yuan Deng discovered an out-of-bounds write issue in     PPAPI.

  - CVE-2017-5100     A use-after-free issue was discovered in Chrome Apps.

  - CVE-2017-5101     Luan Herrera discovered a URL spoofing issue.

  - CVE-2017-5102     An uninitialized variable was discovered in the skia     library.

  - CVE-2017-5103     Another uninitialized variable was discovered in the     skia library.

  - CVE-2017-5104     Khalil Zhani discovered a user interface spoofing issue.

  - CVE-2017-5105     Rayyan Bijoora discovered a URL spoofing issue.

  - CVE-2017-5106     Jack Zac discovered a URL spoofing issue.

  - CVE-2017-5107     David Kohlbrenner discovered an information leak in SVG     file handling.

  - CVE-2017-5108     Guang Gong discovered a type confusion issue in the     pdfium library.

  - CVE-2017-5109     Jose Maria Acuna Morgado discovered a user interface     spoofing issue.

  - CVE-2017-5110     xisigr discovered a way to spoof the payments dialog.

  - CVE-2017-7000     Chaitin Security Research Lab discovered an information     disclosure issue in the sqlite library.

Google Chrome releases reports :

40 security fixes in this release

Please reference CVE/URL list for details

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 60.0.3112.78.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5106, CVE-2017-7000, CVE-2017-5105, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110)

This update Chromium to version 60.0.3112.78 fixes security issue and bugs.

The following security issues were fixed :

  - CVE-2017-5091: Use after free in IndexedDB

  - CVE-2017-5092: Use after free in PPAPI

  - CVE-2017-5093: UI spoofing in Blink

  - CVE-2017-5094: Type confusion in extensions

  - CVE-2017-5095: Out-of-bounds write in PDFium

  - CVE-2017-5096: User information leak via Android intents

  - CVE-2017-5097: Out-of-bounds read in Skia

  - CVE-2017-5098: Use after free in V8

  - CVE-2017-5099: Out-of-bounds write in PPAPI

  - CVE-2017-5100: Use after free in Chrome Apps

  - CVE-2017-5101: URL spoofing in OmniBox

  - CVE-2017-5102: Uninitialized use in Skia

  - CVE-2017-5103: Uninitialized use in Skia

  - CVE-2017-5104: UI spoofing in browser

  - CVE-2017-7000: Pointer disclosure in SQLite

  - CVE-2017-5105: URL spoofing in OmniBox

  - CVE-2017-5106: URL spoofing in OmniBox

  - CVE-2017-5107: User information leak via SVG

  - CVE-2017-5108: Type confusion in PDFium

  - CVE-2017-5109: UI spoofing in browser

  - CVE-2017-5110: UI spoofing in payments dialog

  - Various fixes from internal audits, fuzzing and other     initiatives

A number of upstream bugfixes are also included in this release.

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 60.0.3112.78. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in IndexedDB due to     improper handling of cursors during transactions. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-5091)

  - A use-after-free error exists in the PPAPI component     that allows unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-5092)

  - An unspecified flaw exists in Blink that is triggered     when displaying JavaScript alerts in fullscreen mode. An     unauthenticated, remote attacker can exploit this to     spoof components in the user interface. (CVE-2017-5093)

  - A type confusion error exists in the 'Extensions     Bindings' component that is triggered when passing event     filters. An unauthenticated, remote attacker can exploit     this to execute arbitrary code. (CVE-2017-5094)

  - An overflow condition exists in PDFium due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5095)

  - An unspecified flaw exists related to 'Android intents'     that allows an unauthenticated, remote attacker to     disclose sensitive user information. (CVE-2017-5096)

  - An out-of-bounds read error exists in Skia due to     improper handling of verb arrays. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5097)

  - A use-after-free error exists in Google V8 that allows     an unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5098)

  - An out-of-bounds write error exists in the PPAPI     component that allows an unauthenticated, remote     attacker to execute arbitrary code. (CVE-2017-5099)

  - A use-after-free error exists in the 'Chrome Apps'     component that allows an unauthenticated, remote     attacker to have an unspecified impact. (CVE-2017-5100)

  - Multiple unspecified flaws exist in the OmniBox     component that allow an unauthenticated, remote attacker     to spoof URLs in the address bar. (CVE-2017-5101,     CVE-2017-5105)

  - Multiple uninitialized memory use flaws exist in Skia     that allow an unauthenticated, remote attacker to have     an unspecified impact. (CVE-2017-5102, CVE-2017-5103)

  - Multiple unspecified flaws exist that allow an     unauthenticated, remote attacker to spoof components in     the user interface. (CVE-2017-5104, CVE-2017-5109)

  - A flaw exists in OmniBox that is triggered as domain     names containing arbitrary Cyrillic letters are rendered     in the address bar. An unauthenticated, remote attacker     can exploit this, via a specially crafted domain name,     to spoof the URL in the address bar. (CVE-2017-5106)

  - A flaw exists in the SVG filters component due to     improper handling of floating point multiplication. An     unauthenticated, remote attacker can exploit this, via a     timing attack, to extract sensitive user information.
    (CVE-2017-5107)

  - A type confusion error exists in Google V8 that allows     an unauthenticated, remote attacker to have an     unspecified impact. (CVE-2017-5108)

  - An unspecified flaw exists in the Payments dialog that     allows an unauthenticated, remote attacker to spoof     components in the user interface. (CVE-2017-5110)

  - A type confusion error exists in SQLite due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code. (CVE-2017-7000)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 60.0.3112.78. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in IndexedDB due to     improper handling of cursors during transactions. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-5091)

  - A use-after-free error exists in the PPAPI component     that allows unauthenticated, remote attacker to execute     arbitrary code. (CVE-2017-5092)

  - An unspecified flaw exists in Blink that is triggered     when displaying JavaScript alerts in fullscreen mode. An     unauthenticated, remote attacker can exploit this to     spoof components in the user interface. (CVE-2017-5093)

  - A type confusion error exists in the 'Extensions     Bindings' component that is triggered when passing event     filters. An unauthenticated, remote attacker can exploit     this to execute arbitrary code. (CVE-2017-5094)

  - An overflow condition exists in PDFium due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5095)

  - An unspecified flaw exists related to 'Android intents'     that allows an unauthenticated, remote attacker to     disclose sensitive user information. (CVE-2017-5096)

  - An out-of-bounds read error exists in Skia due to     improper handling of verb arrays. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5097)

  - A use-after-free error exists in Google V8 that allows     an unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5098)

  - An out-of-bounds write error exists in the PPAPI     component that allows an unauthenticated, remote     attacker to execute arbitrary code. (CVE-2017-5099)

  - A use-after-free error exists in the 'Chrome Apps'     component that allows an unauthenticated, remote     attacker to have an unspecified impact. (CVE-2017-5100)

  - Multiple unspecified flaws exist in the OmniBox     component that allow an unauthenticated, remote attacker     to spoof URLs in the address bar. (CVE-2017-5101,     CVE-2017-5105)

  - Multiple uninitialized memory use flaws exist in Skia     that allow an unauthenticated, remote attacker to have     an unspecified impact. (CVE-2017-5102, CVE-2017-5103)

  - Multiple unspecified flaws exist that allow an     unauthenticated, remote attacker to spoof components in     the user interface. (CVE-2017-5104, CVE-2017-5109)

  - A flaw exists in OmniBox that is triggered as domain     names containing arbitrary Cyrillic letters are rendered     in the address bar. An unauthenticated, remote attacker     can exploit this, via a specially crafted domain name,     to spoof the URL in the address bar. (CVE-2017-5106)

  - A flaw exists in the SVG filters component due to     improper handling of floating point multiplication. An     unauthenticated, remote attacker can exploit this, via a     timing attack, to extract sensitive user information.
    (CVE-2017-5107)

  - A type confusion error exists in Google V8 that allows     an unauthenticated, remote attacker to have an     unspecified impact. (CVE-2017-5108)

  - An unspecified flaw exists in the Payments dialog that     allows an unauthenticated, remote attacker to spoof     components in the user interface. (CVE-2017-5110)

  - A type confusion error exists in SQLite due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this to execute arbitrary     code. (CVE-2017-7000)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
105875	Fedora 27 : qt5-qtwebengine (2017-4f9bb0861b)	Nessus	Fedora Local Security Checks	medium
104757	Fedora 25 : qt5-qtwebengine (2017-580f91f6b0)	Nessus	Fedora Local Security Checks	medium
104691	Fedora 26 : qt5-qtwebengine (2017-9a7e562fca)	Nessus	Fedora Local Security Checks	medium
103443	GLSA-201709-15 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
103104	Fedora 25 : chromium (2017-c708c044e3)	Nessus	Fedora Local Security Checks	medium
102612	Fedora 26 : chromium (2017-f79ae2b96f)	Nessus	Fedora Local Security Checks	medium
102210	Debian DSA-3926-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	medium
102101	FreeBSD : chromium -- multiple vulnerabilities (7d138476-7710-11e7-88a1-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium
102090	RHEL 6 : chromium-browser (RHSA-2017:1833)	Nessus	Red Hat Local Security Checks	medium
102054	openSUSE Security Update : chromium (openSUSE-2017-854)	Nessus	SuSE Local Security Checks	medium
101981	Google Chrome < 60.0.3112.78 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
101980	Google Chrome < 60.0.3112.78 Multiple Vulnerabilities	Nessus	Windows	medium

CVE-2017-5095

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins