Detections
Analytics
Debian DSA-3590-1 : chromium-browser - security update
high Nessus Plugin ID 91429
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in the chromium web browser.- CVE-2016-1667 Mariusz Mylinski discovered a cross-origin bypass.
- CVE-2016-1668 Mariusz Mylinski discovered a cross-origin bypass in bindings to v8.
- CVE-2016-1669 Choongwoo Han discovered a buffer overflow in the v8 JavaScript library.
- CVE-2016-1670 A race condition was found that could cause the renderer process to reuse ids that should have been unique.
- CVE-2016-1672 Mariusz Mylinski discovered a cross-origin bypass in extension bindings.
- CVE-2016-1673 Mariusz Mylinski discovered a cross-origin bypass in Blink/Webkit.
- CVE-2016-1674 Mariusz Mylinski discovered another cross-origin bypass in extension bindings.
- CVE-2016-1675 Mariusz Mylinski discovered another cross-origin bypass in Blink/Webkit.
- CVE-2016-1676 Rob Wu discovered a cross-origin bypass in extension bindings.
- CVE-2016-1677 Guang Gong discovered a type confusion issue in the v8 JavaScript library.
- CVE-2016-1678 Christian Holler discovered an overflow issue in the v8 JavaScript library.
- CVE-2016-1679 Rob Wu discovered a use-after-free issue in the bindings to v8.
- CVE-2016-1680 Atte Kettunen discovered a use-after-free issue in the skia library.
- CVE-2016-1681 Aleksandar Nikolic discovered an overflow issue in the pdfium library.
- CVE-2016-1682 KingstonTime discovered a way to bypass the Content Security Policy.
- CVE-2016-1683 Nicolas Gregoire discovered an out-of-bounds write issue in the libxslt library.
- CVE-2016-1684 Nicolas Gregoire discovered an integer overflow issue in the libxslt library.
- CVE-2016-1685 Ke Liu discovered an out-of-bounds read issue in the pdfium library.
- CVE-2016-1686 Ke Liu discovered another out-of-bounds read issue in the pdfium library.
- CVE-2016-1687 Rob Wu discovered an information leak in the handling of extensions.
- CVE-2016-1688 Max Korenko discovered an out-of-bounds read issue in the v8 JavaScript library.
- CVE-2016-1689 Rob Wu discovered a buffer overflow issue.
- CVE-2016-1690 Rob Wu discovered a use-after-free issue.
- CVE-2016-1691 Atte Kettunen discovered a buffer overflow issue in the skia library.
- CVE-2016-1692 Til Jasper Ullrich discovered a cross-origin bypass issue.
- CVE-2016-1693 Khalil Zhani discovered that the Software Removal Tool download was done over an HTTP connection.
- CVE-2016-1694 Ryan Lester and Bryant Zadegan discovered that pinned public keys would be removed when clearing the browser cache.
- CVE-2016-1695 The chrome development team found and fixed various issues during internal auditing.
Solution
Upgrade the chromium-browser packages.For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.63-1~deb8u1.
See Also
https://security-tracker.debian.org/tracker/CVE-2016-1667
https://security-tracker.debian.org/tracker/CVE-2016-1668
https://security-tracker.debian.org/tracker/CVE-2016-1669
https://security-tracker.debian.org/tracker/CVE-2016-1670
https://security-tracker.debian.org/tracker/CVE-2016-1672
https://security-tracker.debian.org/tracker/CVE-2016-1673
https://security-tracker.debian.org/tracker/CVE-2016-1674
https://security-tracker.debian.org/tracker/CVE-2016-1675
https://security-tracker.debian.org/tracker/CVE-2016-1676
https://security-tracker.debian.org/tracker/CVE-2016-1677
https://security-tracker.debian.org/tracker/CVE-2016-1678
https://security-tracker.debian.org/tracker/CVE-2016-1679
https://security-tracker.debian.org/tracker/CVE-2016-1680
https://security-tracker.debian.org/tracker/CVE-2016-1681
https://security-tracker.debian.org/tracker/CVE-2016-1682
https://security-tracker.debian.org/tracker/CVE-2016-1683
https://security-tracker.debian.org/tracker/CVE-2016-1684
https://security-tracker.debian.org/tracker/CVE-2016-1685
https://security-tracker.debian.org/tracker/CVE-2016-1686
https://security-tracker.debian.org/tracker/CVE-2016-1687
https://security-tracker.debian.org/tracker/CVE-2016-1688
https://security-tracker.debian.org/tracker/CVE-2016-1689
https://security-tracker.debian.org/tracker/CVE-2016-1690
https://security-tracker.debian.org/tracker/CVE-2016-1691
https://security-tracker.debian.org/tracker/CVE-2016-1692
https://security-tracker.debian.org/tracker/CVE-2016-1693
https://security-tracker.debian.org/tracker/CVE-2016-1694
https://security-tracker.debian.org/tracker/CVE-2016-1695
Plugin Details
Severity: High
ID: 91429
File Name: debian_DSA-3590.nasl
Version: 2.17
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 6/2/2016
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:chromium-browser
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 6/1/2016
Vulnerability Publication Date: 5/14/2016
Reference Information
CVE: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695
DSA: 3590