DSA-3985

100610

1039291

RHSA-2017:2676

https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

https://crbug.com/747847

GLSA-201709-15

An update of QtWebEngine to the security and bugfix release 5.9.2, including :

Chromium Snapshot :

  - Security fixes from Chromium up to version 61.0.3163.79     Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095,     CVE-2017-5097, CVE-2017-5099, CVE-2017-5102,     CVE-2017-5103, CVE-2017-5107, CVE-2017-5112,     CVE-2017-5114, CVE-2017-5117 and CVE-2017-5118

  - Fixed Skia to to render text correctly with FreeType     2.8.1

  - [QTBUG-50389] Fixed assert on some flash content

QtWebEngine :

  - [QTBUG-57505] Handle --force-webrtc-ip-handling-policy     on command-line

  - [QTBUG-58306] Fixed handling of menu key

  - [QTBUG-60790] Fixed dragging images to desktop

  - [QTBUG-61354] Set referrer on download requests

  - [QTBUG-61429] Fixed cancelling IME composition

  - [QTBUG-61506] Stop searching when navigating away

  - [QTBUG-61910] Fixed an issue where system proxy settings     were not picked up correctly

  - [QTBUG-62112] Fixed upside-down rendering in software     rendering mode

  - [QTBUG-62112] Fixed rendering of content with     preserve-3d in CSS

  - [QTBUG-62311] Fixed hang when exiting with open combobox

  - [QTBUG-62808] Handle --explicitly-allowed-ports on     command-line

  - [QTBUG-62898] Fixed accessing webchannels from     document-creation user-scripts after navigation.

  - [QTBUG-62942] Fixed committing IME composition on touch     events

QWebEngineView :

  - [QTBUG-61621] Fixed propagation of unhandled key press     events

WebEngineView :

  - The callback version of printToPdf is now called with a     proper bytearray result instead of a PDF data in a     JavaScript string.

Platform Specific Changes :

  - [QTBUG-61528, QTBUG-62673] Fixed various multilib build     configurations

  - [QTBUG-61846] Fixed host builds on Arm and MIPS

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 61.0.3163.100. Security fix for CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2017-5111     Luat Nguyen discovered a use-after-free issue in the     pdfium library.

  - CVE-2017-5112     Tobias Klein discovered a buffer overflow issue in the     webgl library.

  - CVE-2017-5113     A buffer overflow issue was discovered in the skia     library.

  - CVE-2017-5114     Ke Liu discovered a memory issue in the pdfium library.

  - CVE-2017-5115     Marco Giovannini discovered a type confusion issue in     the v8 JavaScript library.

  - CVE-2017-5116     Guang Gong discovered a type confusion issue in the v8     JavaScript library.

  - CVE-2017-5117     Tobias Klein discovered an uninitialized value in the     skia library.

  - CVE-2017-5118     WenXu Wu discovered a way to bypass the Content Security     Policy.

  - CVE-2017-5119     Another uninitialized value was discovered in the skia     library.

  - CVE-2017-5120     Xiaoyin Liu discovered a way downgrade HTTPS connections     during redirection.

  - CVE-2017-5121     Jordan Rabet discovered an out-of-bounds memory access     in the v8 JavaScript library.

  - CVE-2017-5122     Choongwoo Han discovered an out-of-bounds memory access     in the v8 JavaScript library.

The remote host is affected by the vulnerability described in GLSA-201709-15 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium. Please review       the referenced CVE identifiers for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass security restrictions, or spoof content.
  Workaround :

    There is no known workaround at this time.

This update for chromium to version 61.0.3163.79 fixes several issues.

These security issues were fixed :

  - CVE-2017-5111: Use after free in PDFium (boo#1057364).

  - CVE-2017-5112: Heap buffer overflow in WebGL     (boo#1057364).

  - CVE-2017-5113: Heap buffer overflow in Skia     (boo#1057364).

  - CVE-2017-5114: Memory lifecycle issue in PDFium     (boo#1057364).

  - CVE-2017-5115: Type confusion in V8 (boo#1057364).

  - CVE-2017-5116: Type confusion in V8 (boo#1057364).

  - CVE-2017-5117: Use of uninitialized value in Skia     (boo#1057364).

  - CVE-2017-5118: Bypass of Content Security Policy in     Blink (boo#1057364).

  - CVE-2017-5119: Use of uninitialized value in Skia     (boo#1057364).

  - CVE-2017-5120: Potential HTTPS downgrade during redirect     navigation (boo#1057364).

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 61.0.3163.79.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120)

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 61.0.3163.79. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in PDFium. A unauthenticated, remote     attacker can exploit this to execute arbitrary code.
    (CVE-2017-5111)

  - A heap buffer overflow condition exists in WebGL that allows an     unauthenticated, remote attacker to execute arbitrary code.
    (CVE-2017-5112)

  - A heap buffer overflow condition exists in Skia that allows an     unauthenticated, remote attacker to execute arbitrary code.
    (CVE-2017-5113)

  - An unspecified memory lifecycle issue exists in PDFium that allow     an unauthenticated, remote attacker to have an unspecified impact     (CVE-2017-5114)

  - An unspecified type confusion errors exist in V8.
    (CVE-2017-5115, CVE-2017-5116)

  - An unspecified uninitialized value flaws exist in Skia that allows     an unauthenticated, remote attacker to have an unspecified impact.
    (CVE-2017-5117, CVE-2017-5119)

  - An unspecified security bypass vulnerability exists in Blink. An     unauthenticated, remote attacker can exploit this to bypass     content security policy. (CVE-2017-5118)

  - An unspecified flaw allows HTTPS downgrade during redirection.
    (CVE-2017-5120)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 61.0.3163.79. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists in PDFium. A unauthenticated, remote     attacker can exploit this to execute arbitrary code.
    (CVE-2017-5111)

  - A heap buffer overflow condition exists in WebGL that allows an     unauthenticated, remote attacker to execute arbitrary code.
    (CVE-2017-5112)

  - A heap buffer overflow condition exists in Skia that allows an     unauthenticated, remote attacker to execute arbitrary code.
    (CVE-2017-5113)

  - An unspecified memory lifecycle issue exists in PDFium that allow     an unauthenticated, remote attacker to have an unspecified impact     (CVE-2017-5114)

  - An unspecified type confusion errors exist in V8.
    (CVE-2017-5115, CVE-2017-5116)

  - An unspecified uninitialized value flaws exist in Skia that allows     an unauthenticated, remote attacker to have an unspecified impact.
    (CVE-2017-5117, CVE-2017-5119)

  - An unspecified security bypass vulnerability exists in Blink. An     unauthenticated, remote attacker can exploit this to bypass     content security policy. (CVE-2017-5118)

  - An unspecified flaw allows HTTPS downgrade during redirection.
    (CVE-2017-5120)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Google Chrome releases reports :

22 security fixes in this release, including :

- [737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-06-27

- [740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein on 2017-07-10

- [747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20

- [752829] High CVE-2017-5114: Memory life cycle issue in PDFium.
Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

- [744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17

- [759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28

- [739190] Medium CVE-2017-5117: Use of uninitialized value in Skia.
Reported by Tobias Klein on 2017-07-04

- [747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

- [725127] Medium CVE-2017-5119: Use of uninitialized value in Skia.
Reported by Anonymous on 2017-05-22

- [718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu on 2017-05-05

- [762099] Various fixes from internal audits, fuzzing and other initiatives

ID	Name	Product	Family	Severity
105875	Fedora 27 : qt5-qtwebengine (2017-4f9bb0861b)	Nessus	Fedora Local Security Checks	medium
105815	Fedora 27 : chromium (2017-109f8db088)	Nessus	Fedora Local Security Checks	medium
104757	Fedora 25 : qt5-qtwebengine (2017-580f91f6b0)	Nessus	Fedora Local Security Checks	medium
104691	Fedora 26 : qt5-qtwebengine (2017-9a7e562fca)	Nessus	Fedora Local Security Checks	medium
103907	Fedora 26 : chromium (2017-efeb59171d)	Nessus	Fedora Local Security Checks	medium
103539	Debian DSA-3985-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	medium
103443	GLSA-201709-15 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
103283	openSUSE Security Update : chromium (openSUSE-2017-1047)	Nessus	SuSE Local Security Checks	medium
103119	RHEL 6 : chromium-browser (RHSA-2017:2676)	Nessus	Red Hat Local Security Checks	medium
102994	Google Chrome < 61.0.3163.79 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
102993	Google Chrome < 61.0.3163.79 Multiple Vulnerabilities	Nessus	Windows	medium
102988	FreeBSD : chromium -- multiple vulnerabilities (e1100e63-92f7-11e7-bd95-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium

CVE-2017-5118

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins