The version of Google Chrome installed on the remote host is prior to 58.0.3029.96, and is affected by an unspecified race condition in 'modules/video_coding/frame_buffer2.cc' that is triggered during the handling of frame orders. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided.

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 58.0.3029.96.

Security Fix(es) :

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5068)

Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069

----

Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Google Chrome installed on the remote macOS host is prior to 58.0.3029.96. It is, therefore, affected by a vulnerability as referenced in the 2017_05_stable-channel-update-for-desktop advisory.

  - Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and     Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. (CVE-2017-5068)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update to Chromium 58.0.3029.96 fixes one security issue :

  - CVE-2017-5068: race condition in WebRTC (bsc#1037594)

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.8.0:
CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069.

Other important changes include :

  - Based on Chromium 56.0.2924.122 with security fixes from     Chromium up to version 58.0.3029.96. (5.8.0 was based on     Chromium 53.0.2785.148 with security fixes from Chromium     up to version 55.0.2883.75.)

  - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled     by default on Linux, like it is in Chrome, due to poor     options for enabling it conditionally and its heavy     performance impact. Set the environment variable     `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it     again.

  - [QTBUG-56531] Enabled `filesystem:` protocol handler.

  - [QTBUG-57720] Optimized incremental scene-graph     rendering in particular for software rendering.

  - [QTBUG-60049] Enabled brotli support.

  - Many bug fixes, see     https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha     nges-5.9.0?h=5.9 for details.

In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Google Chrome Releases reports :

1 security fix in this release :

- [679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and     Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. (CVE-2017-5068)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of Google Chrome installed on the remote Windows host is prior to 58.0.3029.96. It is, therefore, affected by a vulnerability as referenced in the 2017_05_stable-channel-update-for-desktop advisory.

  - Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and     Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. (CVE-2017-5068)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201706-20 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass security restrictions or spoof content.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Published	Updated	Severity
700098	Google Chrome < 58.0.3029.96 Unspecified Vunlerability	Nessus Network Monitor	Web Clients	5/12/2017	3/6/2019	medium
101668	Fedora 26 : 1:chromium-native_client / chromium (2017-811133dc2c)	Nessus	Fedora Local Security Checks	7/17/2017	12/10/2025	high
100144	RHEL 6 : chromium-browser (RHSA-2017:1228)	Nessus	Red Hat Local Security Checks	5/12/2017	12/19/2025	high
100606	Fedora 24 : 1:chromium-native_client / chromium (2017-7d698eba8b)	Nessus	Fedora Local Security Checks	6/5/2017	12/17/2025	critical
99996	Google Chrome < 58.0.3029.96 Vulnerability	Nessus	MacOS X Local Security Checks	5/5/2017	11/24/2025	high
100019	openSUSE Security Update : Chromium (openSUSE-2017-541)	Nessus	SuSE Local Security Checks	5/8/2017	12/19/2025	high
100336	Fedora 25 : 1:chromium-native_client / chromium (2017-dc7ce3b314)	Nessus	Fedora Local Security Checks	5/23/2017	12/18/2025	high
101504	Fedora 25 : qt5-qtwebengine (2017-58cde32413)	Nessus	Fedora Local Security Checks	7/13/2017	12/11/2025	critical
101740	Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9)	Nessus	Fedora Local Security Checks	7/17/2017	12/10/2025	critical
99974	FreeBSD : chromium -- race condition vulnerability (92e345d0-304d-11e7-8359-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	5/4/2017	12/22/2025	high
251799	Linux Distros Unpatched Vulnerability : CVE-2017-5068	Nessus	Misc.	8/19/2025	8/19/2025	high
99995	Google Chrome < 58.0.3029.96 Vulnerability	Nessus	Windows	5/5/2017	11/24/2025	high
100946	GLSA-201706-20 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	6/21/2017	12/15/2025	high

Detections

Analytics

Plugins Search

medium

high

high

critical

high

high

high

critical

critical

high

high

high

high