Debian DSA-3590-1 : chromium-browser - security update

high Nessus Plugin ID 91429
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass.

- CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.

- CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 JavaScript library.

- CVE-2016-1670 A race condition was found that could cause the renderer process to reuse ids that should have been unique.

- CVE-2016-1672 Mariusz Mylinski discovered a cross-origin bypass in extension bindings.

- CVE-2016-1673 Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.

- CVE-2016-1674 Mariusz Mylinski discovered another cross-origin bypass in extension bindings.

- CVE-2016-1675 Mariusz Mylinski discovered another cross-origin bypass in Blink/Webkit.

- CVE-2016-1676 Rob Wu discovered a cross-origin bypass in extension bindings.

- CVE-2016-1677 Guang Gong discovered a type confusion issue in the v8 JavaScript library.

- CVE-2016-1678 Christian Holler discovered an overflow issue in the v8 JavaScript library.

- CVE-2016-1679 Rob Wu discovered a use-after-free issue in the bindings to v8.

- CVE-2016-1680 Atte Kettunen discovered a use-after-free issue in the skia library.

- CVE-2016-1681 Aleksandar Nikolic discovered an overflow issue in the pdfium library.

- CVE-2016-1682 KingstonTime discovered a way to bypass the Content Security Policy.

- CVE-2016-1683 Nicolas Gregoire discovered an out-of-bounds write issue in the libxslt library.

- CVE-2016-1684 Nicolas Gregoire discovered an integer overflow issue in the libxslt library.

- CVE-2016-1685 Ke Liu discovered an out-of-bounds read issue in the pdfium library.

- CVE-2016-1686 Ke Liu discovered another out-of-bounds read issue in the pdfium library.

- CVE-2016-1687 Rob Wu discovered an information leak in the handling of extensions.

- CVE-2016-1688 Max Korenko discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2016-1689 Rob Wu discovered a buffer overflow issue.

- CVE-2016-1690 Rob Wu discovered a use-after-free issue.

- CVE-2016-1691 Atte Kettunen discovered a buffer overflow issue in the skia library.

- CVE-2016-1692 Til Jasper Ullrich discovered a cross-origin bypass issue.

- CVE-2016-1693 Khalil Zhani discovered that the Software Removal Tool download was done over an HTTP connection.

- CVE-2016-1694 Ryan Lester and Bryant Zadegan discovered that pinned public keys would be removed when clearing the browser cache.

- CVE-2016-1695 The chrome development team found and fixed various issues during internal auditing.

Solution

Upgrade the chromium-browser packages.

For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.63-1~deb8u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2016-1667

https://security-tracker.debian.org/tracker/CVE-2016-1668

https://security-tracker.debian.org/tracker/CVE-2016-1669

https://security-tracker.debian.org/tracker/CVE-2016-1670

https://security-tracker.debian.org/tracker/CVE-2016-1672

https://security-tracker.debian.org/tracker/CVE-2016-1673

https://security-tracker.debian.org/tracker/CVE-2016-1674

https://security-tracker.debian.org/tracker/CVE-2016-1675

https://security-tracker.debian.org/tracker/CVE-2016-1676

https://security-tracker.debian.org/tracker/CVE-2016-1677

https://security-tracker.debian.org/tracker/CVE-2016-1678

https://security-tracker.debian.org/tracker/CVE-2016-1679

https://security-tracker.debian.org/tracker/CVE-2016-1680

https://security-tracker.debian.org/tracker/CVE-2016-1681

https://security-tracker.debian.org/tracker/CVE-2016-1682

https://security-tracker.debian.org/tracker/CVE-2016-1683

https://security-tracker.debian.org/tracker/CVE-2016-1684

https://security-tracker.debian.org/tracker/CVE-2016-1685

https://security-tracker.debian.org/tracker/CVE-2016-1686

https://security-tracker.debian.org/tracker/CVE-2016-1687

https://security-tracker.debian.org/tracker/CVE-2016-1688

https://security-tracker.debian.org/tracker/CVE-2016-1689

https://security-tracker.debian.org/tracker/CVE-2016-1690

https://security-tracker.debian.org/tracker/CVE-2016-1691

https://security-tracker.debian.org/tracker/CVE-2016-1692

https://security-tracker.debian.org/tracker/CVE-2016-1693

https://security-tracker.debian.org/tracker/CVE-2016-1694

https://security-tracker.debian.org/tracker/CVE-2016-1695

https://packages.debian.org/source/jessie/chromium-browser

https://www.debian.org/security/2016/dsa-3590

Plugin Details

Severity: High

ID: 91429

File Name: debian_DSA-3590.nasl

Version: 2.17

Type: local

Agent: unix

Published: 6/2/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:chromium-browser, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2016

Vulnerability Publication Date: 5/14/2016

Reference Information

CVE: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695

DSA: 3590