The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1021 advisory.

    Chromium is an open-source web browser, powered by WebKit (Blink).

    This update upgrades Chromium to version 74.0.3729.108.

    Security Fix(es):

    * chromium-browser: Use after free in PDFium (CVE-2019-5805)

    * chromium-browser: Integer overflow in Angle (CVE-2019-5806)

    * chromium-browser: Memory corruption in V8 (CVE-2019-5807)

    * chromium-browser: Use after free in Blink (CVE-2019-5808)

    * chromium-browser: Use after free in Blink (CVE-2019-5809)

    * chromium-browser: User information disclosure in Autofill (CVE-2019-5810)

    * chromium-browser: CORS bypass in Blink (CVE-2019-5811)

    * chromium-browser: Out of bounds read in V8 (CVE-2019-5813)

    * chromium-browser: CORS bypass in Blink (CVE-2019-5814)

    * chromium-browser: Heap buffer overflow in Blink (CVE-2019-5815)

    * chromium-browser: Uninitialized value in media reader (CVE-2019-5818)

    * chromium-browser: Incorrect escaping in developer tools (CVE-2019-5819)

    * chromium-browser: Integer overflow in PDFium (CVE-2019-5820)

    * chromium-browser: Integer overflow in PDFium (CVE-2019-5821)

    * chromium-browser: CORS bypass in download manager (CVE-2019-5822)

    * chromium-browser: Forced navigation from service worker (CVE-2019-5823)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : chromium-browser (RHSA-2019:1021)

high Nessus Plugin ID 124691

Version 1.16

Version 1.15

Version 1.14

Version 1.13

Version 1.16 Nov 7, 2024, 2:42 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411070242
Version 1.15 May 28, 2024, 12:26 PM Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202405281226
Version 1.14 Apr 28, 2024, 1:01 AM CVE (set "CVE" coverage to "CVE-2019-5805,CVE-2019-5806,CVE-2019-5807,CVE-2019-5808,CVE-2019-5809,CVE-2019-5810,CVE-2019-5811,CVE-2019-5813,CVE-2019-5814,CVE-2019-5815,CVE-2019-5818,CVE-2019-5819,CVE-2019-5820,CVE-2019-5821,CVE-2019-5822,CVE-2019-5823,CVE-2019-5825,CVE-2019-5826,CVE-2020-6503,CVE-2020-6504") Detection (updated detection logic) Exploit attributes ("Exploit framework metasploit" changed from "True" to none) Exploit attributes ("Exploited by malware" changed from "True" to none) Plugin metadata Reference Plugin Feed: 202404280101
Version 1.13 Mar 23, 2023, 8:46 PM Plugin requirements Plugin Feed: 202303232046