The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:3803 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 71.0.3578.80.

    Security Fix(es):

    * chromium-browser: Out of bounds write in V8 (CVE-2018-17480)

    * chromium-browser: Use after frees in PDFium (CVE-2018-17481)

    * chromium-browser: Heap buffer overflow in Skia (CVE-2018-18335)

    * chromium-browser: Use after free in PDFium (CVE-2018-18336)

    * chromium-browser: Use after free in Blink (CVE-2018-18337)

    * chromium-browser: Heap buffer overflow in Canvas (CVE-2018-18338)

    * chromium-browser: Use after free in WebAudio (CVE-2018-18339)

    * chromium-browser: Use after free in MediaRecorder (CVE-2018-18340)

    * chromium-browser: Heap buffer overflow in Blink (CVE-2018-18341)

    * chromium-browser: Out of bounds write in V8 (CVE-2018-18342)

    * chromium-browser: Use after free in Skia (CVE-2018-18343)

    * chromium-browser: Inappropriate implementation in Extensions (CVE-2018-18344)

    * chromium-browser: Inappropriate implementation in Site Isolation (CVE-2018-18345)

    * chromium-browser: Incorrect security UI in Blink (CVE-2018-18346)

    * chromium-browser: Inappropriate implementation in Navigation (CVE-2018-18347)

    * chromium-browser: Inappropriate implementation in Omnibox (CVE-2018-18348)

    * chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18349)

    * chromium-browser: Insufficient policy enforcement in Blink (CVE-2018-18350)

    * chromium-browser: Insufficient policy enforcement in Navigation (CVE-2018-18351)

    * chromium-browser: Inappropriate implementation in Media (CVE-2018-18352)

    * chromium-browser: Inappropriate implementation in Network Authentication (CVE-2018-18353)

    * chromium-browser: Insufficient data validation in Shell Integration (CVE-2018-18354)

    * chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18355)

    * chromium-browser: Use after free in Skia (CVE-2018-18356)

    * chromium-browser: Insufficient policy enforcement in URL Formatter (CVE-2018-18357)

    * chromium-browser: Insufficient policy enforcement in Proxy (CVE-2018-18358)

    * chromium-browser: Out of bounds read in V8 (CVE-2018-18359)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : chromium-browser (RHSA-2018:3803)

high Nessus Plugin ID 119568

Version 1.13

Version 1.12

Version 1.11

Version 1.13 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.12 Apr 28, 2024, 3:17 AM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404280317
Version 1.11 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311