Vulnerabilities > CVE-2016-5199 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
google
CWE-119
nessus

Summary

An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Vulnerable Configurations

Part Description Count
Application
Google
3776

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-A815B7BF5D.NASL
    descriptionUpdate to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-12-16
    plugin id95903
    published2016-12-16
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95903
    titleFedora 25 : chromium (2016-a815b7bf5d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-a815b7bf5d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95903);
      script_version("3.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5199", "CVE-2016-5200", "CVE-2016-5201", "CVE-2016-5202", "CVE-2016-5203", "CVE-2016-5204", "CVE-2016-5205", "CVE-2016-5206", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5209", "CVE-2016-5210", "CVE-2016-5211", "CVE-2016-5212", "CVE-2016-5213", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5216", "CVE-2016-5217", "CVE-2016-5218", "CVE-2016-5219", "CVE-2016-5220", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5223", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-5226", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652");
      script_xref(name:"FEDORA", value:"2016-a815b7bf5d");
    
      script_name(english:"Fedora 25 : chromium (2016-a815b7bf5d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to Chromium 55. 
    
    Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201,
    CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207,
    CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209,
    CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211,
    CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215,
    CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221,
    CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223,
    CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a815b7bf5d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected chromium package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"chromium-55.0.2883.87-1.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1365.NASL
    descriptionThis update to ffmpeg 3.2 fixes the following issues : - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) FFmpeg was updated to version 3.2, incorporating the following upstream improvements : - SDL2 output device and ffplay support - SDL1 output device and SDL1 support removed - New: libopenmpt demuxer, fifo muxer, True Audio (TTA) muxer - New filters: weave, gblur, avgblur, sobel, prewitt, vaguedenoiser, yuvtestsrc, lut2, hysteresis, maskedclamp, crystalizer, acrusher, bitplanenoise, sidedata, asidedata - Non-Local Means (nlmeans) denoising filter - 16-bit support in curves filter and selectivecolor filter - Added threads option per filter instance - The
    last seen2020-06-05
    modified2016-11-29
    plugin id95377
    published2016-11-29
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95377
    titleopenSUSE Security Update : ffmpeg (openSUSE-2016-1365)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201611-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201611-16 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95267
    published2016-11-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95267
    titleGLSA-201611-16 : Chromium: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3731.NASL
    descriptionSeveral vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another use-after-free issue was discovered in the pdfium library. - CVE-2016-5185 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. - CVE-2016-5186 Abdulrahman Alqabandi discovered an out-of-bounds read issue in the developer tools. - CVE-2016-5187 Luan Herrera discovered a URL spoofing issue. - CVE-2016-5188 Luan Herrera discovered that some drop down menus can be used to hide parts of the user interface. - CVE-2016-5189 xisigr discovered a URL spoofing issue. - CVE-2016-5190 Atte Kettunen discovered a use-after-free issue. - CVE-2016-5191 Gareth Hughes discovered a cross-site scripting issue. - CVE-2016-5192 [email protected] discovered a same-origin bypass. - CVE-2016-5193 Yuyang Zhou discovered a way to pop open a new window. - CVE-2016-5194 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-5198 Tencent Keen Security Lab discovered an out-of-bounds memory access issue in the v8 JavaScript library. - CVE-2016-5199 A heap corruption issue was discovered in the ffmpeg library. - CVE-2016-5200 Choongwoo Han discovered an out-of-bounds memory access issue in the v8 JavaScript library. - CVE-2016-5201 Rob Wu discovered an information leak. - CVE-2016-5202 The chrome development team found and fixed various issues during internal auditing. - CVE-2016-5203 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5204 Mariusz Mlynski discovered a cross-site scripting issue in SVG image handling. - CVE-2016-5205 A cross-site scripting issue was discovered. - CVE-2016-5206 Rob Wu discovered a same-origin bypass in the pdfium library. - CVE-2016-5207 Mariusz Mlynski discovered a cross-site scripting issue. - CVE-2016-5208 Mariusz Mlynski discovered another cross-site scripting issue. - CVE-2016-5209 Giwan Go discovered an out-of-bounds write issue in Blink/Webkit. - CVE-2016-5210 Ke Liu discovered an out-of-bounds write in the pdfium library. - CVE-2016-5211 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5212 Khalil Zhani discovered an information disclosure issue in the developer tools. - CVE-2016-5213 Khalil Zhani discovered a use-after-free issue in the v8 JavaScript library. - CVE-2016-5214 Jonathan Birch discovered a file download protection bypass. - CVE-2016-5215 Looben Yang discovered a use-after-free issue. - CVE-2016-5216 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5217 Rob Wu discovered a condition where data was not validated by the pdfium library. - CVE-2016-5218 Abdulrahman Alqabandi discovered a URL spoofing issue. - CVE-2016-5219 Rob Wu discovered a use-after-free issue in the v8 JavaScript library. - CVE-2016-5220 Rob Wu discovered a way to access files on the local system. - CVE-2016-5221 Tim Becker discovered an integer overflow issue in the angle library. - CVE-2016-5222 xisigr discovered a URL spoofing issue. - CVE-2016-5223 Hwiwon Lee discovered an integer overflow issue in the pdfium library. - CVE-2016-5224 Roeland Krak discovered a same-origin bypass in SVG image handling. - CVE-2016-5225 Scott Helme discovered a Content Security Protection bypass. - CVE-2016-5226 Jun Kokatsu discovered a cross-scripting issue. - CVE-2016-9650 Jakub Zoczek discovered a Content Security Protection information disclosure. - CVE-2016-9651 Guang Gong discovered a way to access private data in the v8 JavaScript library. - CVE-2016-9652 The chrome development team found and fixed various issues during internal auditing.
    last seen2020-06-01
    modified2020-06-02
    plugin id95667
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95667
    titleDebian DSA-3731-1 : chromium-browser - security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2718.NASL
    descriptionAn update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 54.0.2840.100. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-5199, CVE-2016-5200, CVE-2016-5202, CVE-2016-5201)
    last seen2020-05-31
    modified2016-11-15
    plugin id94897
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94897
    titleRHEL 6 : chromium-browser (RHSA-2016:2718)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-C5B2C9A435.NASL
    descriptionThis update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651. Other immediately usable changes in QtWebEngine 5.8 include : - Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.) - The `view-source:` scheme is now supported. - User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey. - Some `chrome:` schemes now supported, for instance `chrome://gpu`. - Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.8.0 for details. The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated) : - Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format. - Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.) - Added a setting to enable printing of CSS backgrounds. The following new QML APIs are available to developers : - Tooltips (HTML5 global title attribute) are now also supported in the QML API. - Qt WebEngine (QML) allows defining custom dialogs / context menus. - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101716
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101716
    titleFedora 26 : qt5-qtwebengine (2017-c5b2c9a435)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3133-1.NASL
    descriptionMultiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5198, CVE-2016-5200, CVE-2016-5202) A heap-corruption issue was discovered in FFmpeg. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5199). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95466
    published2016-12-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95466
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 : oxide-qt vulnerabilities (USN-3133-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_54_0_2840_98.NASL
    descriptionThe version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 54.0.2840.98. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the FFmpeg component due to an integer overflow condition in the mov_read_keys() function in mov.c caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5199) - A denial of service vulnerability exists in the V8 component due to an out-of-bounds read error that is triggered when handling
    last seen2020-06-01
    modified2020-06-02
    plugin id94677
    published2016-11-10
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94677
    titleGoogle Chrome < 54.0.2840.98 Multiple Vulnerabilities (macOS)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1292.NASL
    descriptionThis update to Chromium 54.0.2840.100 fixes the following vulnerabilities : - CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892) - CVE-2016-5200: out of bounds memory access in v8 (boo#1009893) - CVE-2016-5201: info leak in extensions (boo#1009894) - CVE-2016-5202: various fixes from internal audits (boo#1009895)
    last seen2020-06-05
    modified2016-11-15
    plugin id94894
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94894
    titleopenSUSE Security Update : Chromium (openSUSE-2016-1292)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_54_0_2840_99.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 54.0.2840.99. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the FFmpeg component due to an integer overflow condition in the mov_read_keys() function in mov.c caused by improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5199) - A denial of service vulnerability exists in the V8 component due to an out-of-bounds read error that is triggered when handling
    last seen2020-06-01
    modified2020-06-02
    plugin id94676
    published2016-11-10
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94676
    titleGoogle Chrome < 54.0.2840.99 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-AE1FDE5FB8.NASL
    descriptionThis update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651. Other immediately usable changes in QtWebEngine 5.8 include : - Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.) - The `view-source:` scheme is now supported. - User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey. - Some `chrome:` schemes now supported, for instance `chrome://gpu`. - Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.8.0 for details. The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated) : - Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format. - Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.) - Added a setting to enable printing of CSS backgrounds. The following new QML APIs are available to developers : - Tooltips (HTML5 global title attribute) are now also supported in the QML API. - Qt WebEngine (QML) allows defining custom dialogs / context menus. - Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-17
    plugin id99415
    published2017-04-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99415
    titleFedora 25 : qt5-qtwebengine (2017-ae1fde5fb8)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-E0E1CB2B2B.NASL
    descriptionUpdate to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214, CVE-2016-5216, CVE-2016-5215, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5220, CVE-2016-5222, CVE-2016-9650, CVE-2016-5223, CVE-2016-5226, CVE-2016-5225, CVE-2016-5224, CVE-2016-9652 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-12-16
    plugin id95906
    published2016-12-16
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95906
    titleFedora 24 : chromium (2016-e0e1cb2b2b)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A3473F5AA73911E6AFAAE8E0B747A45A.NASL
    descriptionGoogle Chrome Releases reports : 4 security fixes in this release, including : - [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta - [658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han - [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu - [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives
    last seen2020-06-01
    modified2020-06-02
    plugin id94693
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94693
    titleFreeBSD : chromium -- multiple vulnerabilities (a3473f5a-a739-11e6-afaa-e8e0b747a45a)

Redhat

advisories
rhsa
idRHSA-2016:2718
rpms
  • chromium-browser-0:54.0.2840.100-1.el6
  • chromium-browser-debuginfo-0:54.0.2840.100-1.el6