Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2017-5087     Ned Williamson discovered a way to escape the sandbox.

  - CVE-2017-5088     Xiling Gong discovered an out-of-bounds read issue in     the v8 JavaScript library.

  - CVE-2017-5089     Michal Bentkowski discovered a spoofing issue.

  - CVE-2017-5091     Ned Williamson discovered a use-after-free issue in     IndexedDB.

  - CVE-2017-5092     Yu Zhou discovered a use-after-free issue in PPAPI.

  - CVE-2017-5093     Luan Herrera discovered a user interface spoofing issue.

  - CVE-2017-5094     A type confusion issue was discovered in extensions.

  - CVE-2017-5095     An out-of-bounds write issue was discovered in the     pdfium library.

  - CVE-2017-5097     An out-of-bounds read issue was discovered in the skia     library.

  - CVE-2017-5098     Jihoon Kim discovered a use-after-free issue in the v8     JavaScript library.

  - CVE-2017-5099     Yuan Deng discovered an out-of-bounds write issue in     PPAPI.

  - CVE-2017-5100     A use-after-free issue was discovered in Chrome Apps.

  - CVE-2017-5101     Luan Herrera discovered a URL spoofing issue.

  - CVE-2017-5102     An uninitialized variable was discovered in the skia     library.

  - CVE-2017-5103     Another uninitialized variable was discovered in the     skia library.

  - CVE-2017-5104     Khalil Zhani discovered a user interface spoofing issue.

  - CVE-2017-5105     Rayyan Bijoora discovered a URL spoofing issue.

  - CVE-2017-5106     Jack Zac discovered a URL spoofing issue.

  - CVE-2017-5107     David Kohlbrenner discovered an information leak in SVG     file handling.

  - CVE-2017-5108     Guang Gong discovered a type confusion issue in the     pdfium library.

  - CVE-2017-5109     Jose Maria Acuna Morgado discovered a user interface     spoofing issue.

  - CVE-2017-5110     xisigr discovered a way to spoof the payments dialog.

  - CVE-2017-7000     Chaitin Security Research Lab discovered an information     disclosure issue in the sqlite library.

This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.6.2:
CVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078, CVE-2017-5083, and CVE-2017-5089.

Other important changes include :

  - Based on Chromium 49.0.2623.111 (the version used in     QtWebEngine 5.7.x) with security fixes from Chromium up     to version 59.0.3071.104. (5.6.2 was based on Chromium     45.0.2554.101 with security fixes from Chromium up to     version 52.0.2743.116.)

  - All other bug fixes from QtWebEngine 5.7.1 have been     backported.

See http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.
6 for details. (Please note that at the time of this writing, not all security backports are listed in that file yet. The list above is accurate.)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update updates QtWebEngine to the 5.9.1 release, a security and bugfix release from the 5.9 branch. QtWebEngine 5.9.1 is part of the Qt 5.9.1 release, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.9.0:
CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5083, CVE-2017-5088, and CVE-2017-5089 (security fixes from Chromium up to version 59.0.3071.104).

Other notable bugfixes include :

  - [QTBUG-59690] Fixed issue with drops

  - [QTBUG-60588] Fixed error in updating user-agent and     accept-language

  - [QTBUG-61047] Fixed assert in URLRequestContextGetterQt

  - [QTBUG-61186] Fixed cancellation of upload folder     dialogs

  - [QTBUG-57675] Fixed     WebEngineNewViewRequest::requestedUrl when opening     window from JavaScript

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to .104. Fix mp3 playback. Security fix for CVE-2017-5087, CVE-2017-5088, CVE-2017-5089

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 59.0.3071.104. It is, therefore, affected by the following vulnerabilities :

  - A security bypass vulnerability exists in the IndexedDB     component that allows an unauthenticated, remote     attacker to bypass the sandbox. (CVE-2017-5087)

  - An out-of-bounds read error exists in the V8 component     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-5088)

  - An unspecified flaw exists in the Omnibox address bar     component that allows an unauthenticated, remote     attacker to spoof domains. (CVE-2017-5089)

  - Multiple unspecified vulnerabilities exist that allow an     unauthenticated, remote attacker to have a high severity     impact.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 59.0.3071.104. It is, therefore, affected by the following vulnerabilities :

  - A security bypass vulnerability exists in the IndexedDB     component that allows an unauthenticated, remote     attacker to bypass the sandbox. (CVE-2017-5087)

  - An out-of-bounds read error exists in the V8 component     that allows an unauthenticated, remote attacker to cause     a denial of service condition. (CVE-2017-5088)

  - An unspecified flaw exists in the Omnibox address bar     component that allows an unauthenticated, remote     attacker to spoof domains. (CVE-2017-5089)

  - Multiple unspecified vulnerabilities exist that allow an     unauthenticated, remote attacker to have a high severity     impact.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201706-20 (Chromium: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in the Chromium web       browser. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, obtain       sensitive information, bypass security restrictions or spoof content.
  Workaround :

    There is no known workaround at this time.

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 59.0.3071.104.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5087, CVE-2017-5088, CVE-2017-5089)

This update to Chromium 59.0.3071.104 fixes the following security issues :

  - CVE-2017-5087: Sandbox Escape in IndexedDB

  - CVE-2017-5088: Out of bounds read in V8

  - CVE-2017-5089: Domain spoofing in Omnibox

  - Various fixes from internal audits, fuzzing and other     initiatives

The following tracked packaging changes are included :

  - In about dialog, refer to the build as 'openSUSE build'     (boo#1043420)

Google Chrome releases reports :

5 security fixes in this release, including :

- [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22

- [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06

- [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michal Bentkowski on 2017-04-21

- [732498] Various fixes from internal audits, fuzzing and other initiatives

ID	Name	Product	Family	Severity
102210	Debian DSA-3926-1 : chromium-browser - security update	Nessus	Debian Local Security Checks	high
101920	Fedora 24 : qt5-qtwebengine (2017-98bed96d12)	Nessus	Fedora Local Security Checks	critical
101779	Fedora 25 : qt5-qtwebengine (2017-a7a488d8d0)	Nessus	Fedora Local Security Checks	high
101583	Fedora 26 : qt5-qtwebengine (2017-1e34da27f3)	Nessus	Fedora Local Security Checks	high
101558	Fedora 26 : chromium (2017-01e4d46f23)	Nessus	Fedora Local Security Checks	high
101072	Fedora 24 : chromium (2017-c2e1dc46a1)	Nessus	Fedora Local Security Checks	high
101038	Fedora 25 : chromium (2017-e8a1e1e62a)	Nessus	Fedora Local Security Checks	high
100992	Google Chrome < 59.0.3071.104 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
100991	Google Chrome < 59.0.3071.104 Multiple Vulnerabilities	Nessus	Windows	high
100946	GLSA-201706-20 : Chromium: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100902	RHEL 6 : chromium-browser (RHSA-2017:1495)	Nessus	Red Hat Local Security Checks	high
100862	openSUSE Security Update : chromium (openSUSE-2017-701)	Nessus	SuSE Local Security Checks	high
100861	FreeBSD : chromium -- multiple vulnerabilities (f53dd5cc-527f-11e7-a772-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2017-5089

medium

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

high

high

high