The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:0265 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 64.0.3282.119.

    Security Fix(es):

    * Multiple flaws were found in the processing of malformed web content. A web page containing malicious     content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when     visited by the victim. (CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035,     CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042,     CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050,     CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054)

    * To mitigate timing-based side-channel attacks similar to Spectre and Meltdown, this update reduces     the precision of the timing data provided by the Date object and the performance.now() API, and the V8     JavaScript engine now uses masking of certain addresses and array or string indices.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : chromium-browser (RHSA-2018:0265)

high Nessus Plugin ID 106574

Version 3.13