RHEL 6 : chromium-browser (RHSA-2018:3004)

critical Nessus Plugin ID 118373

Synopsis

The remote Red Hat host is missing one or more security updates for chromium-browser.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3004 advisory.

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 70.0.3538.67.

Security Fix(es):

* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)

* chromium-browser: Remote code execution in V8 (CVE-2018-17463)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)

* chromium-browser: Use after free in V8 (CVE-2018-17465)

* chromium-browser: Memory corruption in Angle (CVE-2018-17466)

* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)

* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)

* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)

* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)

* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)

* chromium-browser: Use after free in Blink (CVE-2018-17474)

* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)

* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)

* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)

* chromium-browser: UI spoof in Extensions (CVE-2018-17477)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL chromium-browser package based on the guidance in RHSA-2018:3004.

See Also

http://www.nessus.org/u?17964bcf

https://access.redhat.com/errata/RHSA-2018:3004

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1628969

https://bugzilla.redhat.com/show_bug.cgi?id=1640098

https://bugzilla.redhat.com/show_bug.cgi?id=1640099

https://bugzilla.redhat.com/show_bug.cgi?id=1640100

https://bugzilla.redhat.com/show_bug.cgi?id=1640101

https://bugzilla.redhat.com/show_bug.cgi?id=1640102

https://bugzilla.redhat.com/show_bug.cgi?id=1640103

https://bugzilla.redhat.com/show_bug.cgi?id=1640104

https://bugzilla.redhat.com/show_bug.cgi?id=1640105

https://bugzilla.redhat.com/show_bug.cgi?id=1640106

https://bugzilla.redhat.com/show_bug.cgi?id=1640107

https://bugzilla.redhat.com/show_bug.cgi?id=1640110

https://bugzilla.redhat.com/show_bug.cgi?id=1640111

https://bugzilla.redhat.com/show_bug.cgi?id=1640112

https://bugzilla.redhat.com/show_bug.cgi?id=1640113

https://bugzilla.redhat.com/show_bug.cgi?id=1640114

https://bugzilla.redhat.com/show_bug.cgi?id=1640115

Plugin Details

Severity: Critical

ID: 118373

File Name: redhat-RHSA-2018-3004.nasl

Version: 1.15

Type: local

Agent: unix

Published: 10/25/2018

Updated: 11/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-17474

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2018-17462

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:chromium-browser, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/24/2018

Vulnerability Publication Date: 9/4/2018

CISA Known Exploited Vulnerability Due Dates: 6/22/2022

Exploitable With

Metasploit (Google Chrome 67, 68 and 69 Object.create exploit)

Reference Information

CVE: CVE-2018-16435, CVE-2018-17462, CVE-2018-17463, CVE-2018-17464, CVE-2018-17465, CVE-2018-17466, CVE-2018-17467, CVE-2018-17468, CVE-2018-17469, CVE-2018-17470, CVE-2018-17471, CVE-2018-17473, CVE-2018-17474, CVE-2018-17475, CVE-2018-17476, CVE-2018-17477, CVE-2018-5179

CWE: 122

RHSA: 2018:3004