GLSA-201012-01 : Chromium: Multiple vulnerabilities

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201012-01
(Chromium: Multiple vulnerabilities)

Multiple vulnerabilities were found in Chromium. For further
information please consult the release notes referenced below.

Impact :

A remote attacker could trick a user into performing a set of UI actions
that trigger a possibly exploitable crash, leading to execution of
arbitrary code or a Denial of Service.
It was also possible for an attacker to entice a user to visit a
specially crafted web page that would trigger one of the
vulnerabilities, leading to execution of arbitrary code within the
confines of the sandbox, successful Cross-Site Scripting attacks,
violation of the same-origin policy, successful website spoofing
attacks, information leaks, or a Denial of Service. An attacker could
also trick a user into performing a set of UI actions that might result in a
successful website spoofing attack.
Multiple bugs in the sandbox could result in a sandbox escape.
Multiple UI bugs could lead to information leaks and successful website
spoofing attacks.

Workaround :

There is no known workaround at this time.

See also :

http://www.nessus.org/u?ff6f59b6
http://www.nessus.org/u?2d9edb9b
http://www.nessus.org/u?773dbeae
http://www.nessus.org/u?8b57d228
http://www.nessus.org/u?a10300d4
http://www.nessus.org/u?f46b762b
http://www.nessus.org/u?3c1092e3
http://www.nessus.org/u?9b767048
http://www.nessus.org/u?899de47f
http://www.nessus.org/u?8f9e7cff
https://security.gentoo.org/glsa/201012-01

Solution :

All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/chromium-8.0.552.224'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 51349

Bugtraq ID:

CVE ID:
