RHEL 6 : chromium-browser (RHSA-2018:3803)

high Nessus Plugin ID 119568

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for chromium-browser.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3803 advisory.

- chromium-browser: Out of bounds write in V8 (CVE-2018-17480, CVE-2018-18342)

- chromium-browser: Use after frees in PDFium (CVE-2018-17481)

- chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335)

- chromium-browser: Use after free in PDFium (CVE-2018-18336)

- chromium-browser: Use after free in Blink (CVE-2018-18337)

- chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338)

- chromium-browser: Use after free in WebAudio (CVE-2018-18339)

- chromium-browser: Use after free in MediaRecorder (CVE-2018-18340)

- chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341)

- chromium-browser: Use after free in Skia (CVE-2018-18343)

- chromium-browser: Inappropriate implementation in Extensions (CVE-2018-18344)

- chromium-browser: Inappropriate implementation in Site Isolation (CVE-2018-18345)

- chromium-browser: Incorrect security UI in Blink (CVE-2018-18346)

- chromium-browser: Inappropriate implementation in Navigation (CVE-2018-18347)

- chromium-browser: Inappropriate implementation in Omnibox (CVE-2018-18348)

- chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18349, CVE-2018-18350)

- chromium-browser: Insufficient policy enforcement in Navigation (CVE-2018-18351)

- chromium-browser: Inappropriate implementation in Media (CVE-2018-18352)

- chromium-browser: Inappropriate implementation in Network Authentication (CVE-2018-18353)

- chromium-browser: Insufficient data validation in Shell Integration (CVE-2018-18354)

- chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18355, CVE-2018-18357)

- chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356)

- chromium-browser: Insufficient policy enforcement in Proxy (CVE-2018-18358)

- chromium-browser: Out of bounds read in V8 (CVE-2018-18359)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL chromium-browser package based on the guidance in RHSA-2018:3803.

Plugin Details

Severity: High

ID: 119568

File Name: redhat-RHSA-2018-3803.nasl

Version: 1.12

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 12/11/2018

Updated: 4/27/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-18359

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:chromium-browser, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/10/2018

Vulnerability Publication Date: 12/11/2018

CISA Known Exploited Vulnerability Due Dates: 6/22/2022

Reference Information

CVE: CVE-2018-17480, CVE-2018-17481, CVE-2018-18335, CVE-2018-18336, CVE-2018-18337, CVE-2018-18338, CVE-2018-18339, CVE-2018-18340, CVE-2018-18341, CVE-2018-18342, CVE-2018-18343, CVE-2018-18344, CVE-2018-18345, CVE-2018-18346, CVE-2018-18347, CVE-2018-18348, CVE-2018-18349, CVE-2018-18350, CVE-2018-18351, CVE-2018-18352, CVE-2018-18353, CVE-2018-18354, CVE-2018-18355, CVE-2018-18356, CVE-2018-18357, CVE-2018-18358, CVE-2018-18359

CWE: 416

RHSA: 2018:3803

Detections

Analytics