GLSA-201811-10 : Chromium: Multiple vulnerabilities

Medium Nessus Plugin ID 119130

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201811-10 (Chromium: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details.
Impact :

A remote attacker could execute arbitrary code, escalate privileges, cause a heap buffer overflow, obtain sensitive information, or spoof a URL.
Workaround :

There is no known workaround at this time.

Solution

All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-70.0.3538.67'

See Also

https://security.gentoo.org/glsa/201811-10

Plugin Details

Severity: Medium

ID: 119130

File Name: gentoo_GLSA-201811-10.nasl

Version: 1.1

Type: local

Published: 2018/11/26

Modified: 2018/11/26

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:chromium, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2018/11/23

Reference Information

CVE: CVE-2018-16065, CVE-2018-16066, CVE-2018-16067, CVE-2018-16068, CVE-2018-16069, CVE-2018-16070, CVE-2018-16071, CVE-2018-16072, CVE-2018-16073, CVE-2018-16074, CVE-2018-16075, CVE-2018-16076, CVE-2018-16077, CVE-2018-16078, CVE-2018-16079, CVE-2018-16080, CVE-2018-16081, CVE-2018-16082, CVE-2018-16083, CVE-2018-16084, CVE-2018-16085, CVE-2018-16086, CVE-2018-16087, CVE-2018-16088, CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17472, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179

GLSA: 201811-10