CVE-2015-7834 - Unspecified vulnerability in Google V8

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Vulnerable Configurations

Part          Description   Count
Application   Google        3947

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2770-1.NASL
    description: It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6755) A use-after-free was discovered in the service worker implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6757) It was discovered that Blink did not ensure that the origin of LocalStorage resources are considered unique. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-6759) A race condition and memory corruption was discovered in FFmpeg. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6761) It was discovered that CSSFontFaceSrcValue::fetch in Blink did not use CORS in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6762) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6763) Multiple security issues were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-7834). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86491
    published: 2015-10-21
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86491
    title: Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2770-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2770-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86491);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-6755", "CVE-2015-6757", "CVE-2015-6759", "CVE-2015-6761", "CVE-2015-6762", "CVE-2015-6763", "CVE-2015-7834");
      script_xref(name:"USN", value:"2770-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 15.04 : oxide-qt vulnerabilities (USN-2770-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that ContainerNode::parserInsertBefore in Blink
    would incorrectly proceed with a DOM tree insertion in some
    circumstances. If a user were tricked in to opening a specially
    crafted website, an attacker could potentially exploit this to bypass
    same origin restrictions. (CVE-2015-6755)
    
    A use-after-free was discovered in the service worker implementation
    in Chromium. If a user were tricked in to opening a specially crafted
    website, an attacker could potentially exploit this to cause a denial
    of service via application crash, or execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2015-6757)
    
    It was discovered that Blink did not ensure that the origin of
    LocalStorage resources are considered unique. If a user were tricked
    in to opening a specially crafted website, an attacker could
    potentially exploit this to obtain sensitive information.
    (CVE-2015-6759)
    
    A race condition and memory corruption was discovered in FFmpeg. If a
    user were tricked in to opening a specially crafted website, an
    attacker could potentially exploit this to cause a denial of service
    via renderer crash, or execute arbitrary code with the privileges of
    the sandboxed render process. (CVE-2015-6761)
    
    It was discovered that CSSFontFaceSrcValue::fetch in Blink did not use
    CORS in some circumstances. If a user were tricked in to opening a
    specially crafted website, an attacker could potentially exploit this
    to bypass same origin restrictions. (CVE-2015-6762)
    
    Multiple security issues were discovered in Chromium. If a user were
    tricked in to opening a specially crafted website, an attacker could
    potentially exploit these to read uninitialized memory, cause a denial
    of service via application crash or execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2015-6763)
    
    Multiple security issues were discovered in V8. If a user were tricked
    in to opening a specially crafted website, an attacker could
    potentially exploit these to read uninitialized memory, cause a denial
    of service via renderer crash or execute arbitrary code with the
    privileges of the sandboxed render process. (CVE-2015-7834).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2770-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected liboxideqtcore0 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|15\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 15.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"liboxideqtcore0", pkgver:"1.10.3-0ubuntu0.14.04.1")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"liboxideqtcore0", pkgver:"1.10.3-0ubuntu0.15.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liboxideqtcore0");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-679.NASL
    description: Chromium was updated to the stable release 46.0.2490.71 to fix security issues. The following vulnerabilities were fixed:
      - CVE-2015-6755: Cross-origin bypass in Blink
      - CVE-2015-6756: Use-after-free in PDFium
      - CVE-2015-6757: Use-after-free in ServiceWorker
      - CVE-2015-6758: Bad-cast in PDFium
      - CVE-2015-6759: Information leakage in LocalStorage
      - CVE-2015-6760: Improper error handling in libANGLE
      - CVE-2015-6761: Memory corruption in FFMpeg
      - CVE-2015-6762: CORS bypass via CSS fonts
      - CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives.
      - CVE-2015-7834: Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch
    last seen: 2020-06-05
    modified: 2015-10-26
    plugin id: 86596
    published: 2015-10-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86596
    title: openSUSE Security Update : Chromium (openSUSE-2015-679)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-679.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86596);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-6755", "CVE-2015-6756", "CVE-2015-6757", "CVE-2015-6758", "CVE-2015-6759", "CVE-2015-6760", "CVE-2015-6761", "CVE-2015-6762", "CVE-2015-6763", "CVE-2015-6764", "CVE-2015-7834");
    
      script_name(english:"openSUSE Security Update : Chromium (openSUSE-2015-679)");
      script_summary(english:"Check for the openSUSE-2015-679 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chromium was update do the stable release 46.0.2490.71 to fix security
    issues.
    
    The following vulnerabilities were fixed :
    
      - CVE-2015-6755: Cross-origin bypass in Blink
    
      - CVE-2015-6756: Use-after-free in PDFium
    
      - CVE-2015-6757: Use-after-free in ServiceWorker
    
      - CVE-2015-6758: Bad-cast in PDFium
    
      - CVE-2015-6759: Information leakage in LocalStorage
    
      - CVE-2015-6760: Improper error handling in libANGLE
    
      - CVE-2015-6761: Memory corruption in FFMpeg
    
      - CVE-2015-6762: CORS bypass via CSS fonts
    
      - CVE-2015-6763: Various fixes from internal audits,
        fuzzing and other initiatives.
    
      - CVE-2015-7834: Multiple vulnerabilities in V8 fixed at
        the tip of the 4.6 branch"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950290"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected Chromium packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromedriver-debuginfo-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debuginfo-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-debugsource-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-gnome-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-desktop-kde-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"chromium-ffmpegsumo-debuginfo-46.0.2490.71-109.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromedriver-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromedriver-debuginfo-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-debuginfo-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-debugsource-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-desktop-gnome-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-desktop-kde-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-ffmpegsumo-46.0.2490.71-54.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"chromium-ffmpegsumo-debuginfo-46.0.2490.71-54.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2770-2.NASL
    description: USN-2770-1 fixed vulnerabilities in Oxide in Ubuntu 14.04 LTS and Ubuntu 15.04. This update provides the corresponding updates for Ubuntu 15.10. It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6755) A use-after-free was discovered in the service worker implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6757) It was discovered that Blink did not ensure that the origin of LocalStorage resources are considered unique. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-6759) A race condition and memory corruption was discovered in FFmpeg. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-6761) It was discovered that CSSFontFaceSrcValue::fetch in Blink did not use CORS in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. (CVE-2015-6762) Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-6763) Multiple security issues were discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-7834). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86565
    published: 2015-10-23
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86565
    title: Ubuntu 15.10 : oxide-qt vulnerabilities (USN-2770-2)