Debian DSA-3590-1 : chromium-browser - security update

Severity: High. Nessus Plugin ID: 91429

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass.

- CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.

- CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 JavaScript library.

- CVE-2016-1670 A race condition was found that could cause the renderer process to reuse ids that should have been unique.

- CVE-2016-1672 Mariusz Mylinski discovered a cross-origin bypass in extension bindings.

- CVE-2016-1673 Mariusz Mylinski discovered a cross-origin bypass in Blink/WebKit.

- CVE-2016-1674 Mariusz Mylinski discovered another cross-origin bypass in extension bindings.

- CVE-2016-1675 Mariusz Mylinski discovered another cross-origin bypass in Blink/WebKit.

- CVE-2016-1676 Rob Wu discovered a cross-origin bypass in extension bindings.

- CVE-2016-1677 Guang Gong discovered a type confusion issue in the v8 JavaScript library.

- CVE-2016-1678 Christian Holler discovered an overflow issue in the v8 JavaScript library.

- CVE-2016-1679 Rob Wu discovered a use-after-free issue in the bindings to v8.

- CVE-2016-1680 Atte Kettunen discovered a use-after-free issue in the skia library.

- CVE-2016-1681 Aleksandar Nikolic discovered an overflow issue in the pdfium library.

- CVE-2016-1682 KingstonTime discovered a way to bypass the Content Security Policy.

- CVE-2016-1683 Nicolas Gregoire discovered an out-of-bounds write issue in the libxslt library.

- CVE-2016-1684 Nicolas Gregoire discovered an integer overflow issue in the libxslt library.

- CVE-2016-1685 Ke Liu discovered an out-of-bounds read issue in the pdfium library.

- CVE-2016-1686 Ke Liu discovered another out-of-bounds read issue in the pdfium library.

- CVE-2016-1687 Rob Wu discovered an information leak in the handling of extensions.

- CVE-2016-1688 Max Korenko discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2016-1689 Rob Wu discovered a buffer overflow issue.

- CVE-2016-1690 Rob Wu discovered a use-after-free issue.

- CVE-2016-1691 Atte Kettunen discovered a buffer overflow issue in the skia library.

- CVE-2016-1692 Til Jasper Ullrich discovered a cross-origin bypass issue.

- CVE-2016-1693 Khalil Zhani discovered that the Software Removal Tool download was done over an HTTP connection.

- CVE-2016-1694 Ryan Lester and Bryant Zadegan discovered that pinned public keys would be removed when clearing the browser cache.

- CVE-2016-1695 The Chrome development team found and fixed various issues during internal auditing.

Solution

Upgrade the chromium-browser packages.

For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.63-1~deb8u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2016-1667

https://security-tracker.debian.org/tracker/CVE-2016-1668

https://security-tracker.debian.org/tracker/CVE-2016-1669

https://security-tracker.debian.org/tracker/CVE-2016-1670

https://security-tracker.debian.org/tracker/CVE-2016-1672

https://security-tracker.debian.org/tracker/CVE-2016-1673

https://security-tracker.debian.org/tracker/CVE-2016-1674

https://security-tracker.debian.org/tracker/CVE-2016-1675

https://security-tracker.debian.org/tracker/CVE-2016-1676

https://security-tracker.debian.org/tracker/CVE-2016-1677

https://security-tracker.debian.org/tracker/CVE-2016-1678

https://security-tracker.debian.org/tracker/CVE-2016-1679

https://security-tracker.debian.org/tracker/CVE-2016-1680

https://security-tracker.debian.org/tracker/CVE-2016-1681

https://security-tracker.debian.org/tracker/CVE-2016-1682

https://security-tracker.debian.org/tracker/CVE-2016-1683

https://security-tracker.debian.org/tracker/CVE-2016-1684

https://security-tracker.debian.org/tracker/CVE-2016-1685

https://security-tracker.debian.org/tracker/CVE-2016-1686

https://security-tracker.debian.org/tracker/CVE-2016-1687

https://security-tracker.debian.org/tracker/CVE-2016-1688

https://security-tracker.debian.org/tracker/CVE-2016-1689

https://security-tracker.debian.org/tracker/CVE-2016-1690

https://security-tracker.debian.org/tracker/CVE-2016-1691

https://security-tracker.debian.org/tracker/CVE-2016-1692

https://security-tracker.debian.org/tracker/CVE-2016-1693

https://security-tracker.debian.org/tracker/CVE-2016-1694

https://security-tracker.debian.org/tracker/CVE-2016-1695

https://packages.debian.org/source/jessie/chromium-browser

https://www.debian.org/security/2016/dsa-3590

Plugin Details

Severity: High

ID: 91429

File Name: debian_DSA-3590.nasl

Version: 2.17

Type: local

Agent: unix

Published: 6/2/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2016

Vulnerability Publication Date: 5/14/2016

Reference Information

CVE: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695

DSA: 3590