GLSA-201012-01 : Chromium: Multiple vulnerabilities

Medium Nessus Plugin ID 51349


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-201012-01 (Chromium: Multiple vulnerabilities)

Multiple vulnerabilities were found in Chromium. For further information please consult the release notes referenced below.
Impact :

A remote attacker could trick a user to perform a set of UI actions that trigger a possibly exploitable crash, leading to execution of arbitrary code or a Denial of Service.
It was also possible for an attacker to entice a user to visit a specially crafted web page that would trigger one of the vulnerabilities, leading to execution of arbitrary code within the confines of the sandbox, successful Cross-Site Scripting attacks, violation of the same-origin policy, successful website spoofing attacks, information leak, or a Denial of Service. An attacker could also trick a user to perform a set of UI actions that might result in a successful website spoofing attack.
Multiple bugs in the sandbox could result in a sandbox escape.
Multiple UI bugs could lead to information leak and successful website spoofing attacks.
Workaround :

There is no known workaround at this time.


All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-8.0.552.224'

See Also

Plugin Details

Severity: Medium

ID: 51349

File Name: gentoo_GLSA-201012-01.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2010/12/20

Modified: 2017/11/02

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:chromium, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/12/17

Reference Information

OSVDB: 70102, 70103, 70104, 70105, 70106

GLSA: 201012-01