Vulnerabilities > CVE-2017-5068 - Race Condition vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_58_0_3029_96.NASL description The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 58.0.3029.96. It is, therefore, affected by an unspecified race condition in the WebRTC component in frame_buffer2.cc that is triggered during the handling of frame orders. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 99996 published 2017-05-05 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99996 title Google Chrome < 58.0.3029.96 WebRTC Frame Order Handling Race Condition (macOS) NASL family Fedora Local Security Checks NASL id FEDORA_2017-E83C26A8C9.NASL description This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include : - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. - [QTBUG-56531] Enabled `filesystem:` protocol handler. - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. - [QTBUG-60049] Enabled brotli support. - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101740 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101740 title Fedora 26 : qt5-qtwebengine (2017-e83c26a8c9) NASL family Fedora Local Security Checks NASL id FEDORA_2017-811133DC2C.NASL description Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101668 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101668 title Fedora 26 : 1:chromium-native_client / chromium (2017-811133dc2c) NASL family Windows NASL id GOOGLE_CHROME_58_0_3029_96.NASL description The version of Google Chrome installed on the remote Windows host is prior to 58.0.3029.96. It is, therefore, affected by an unspecified race condition in the WebRTC component in frame_buffer2.cc that is triggered during the handling of frame orders. An unauthenticated, remote attacker can exploit this to have an unspecified impact. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 99995 published 2017-05-05 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99995 title Google Chrome < 58.0.3029.96 WebRTC Frame Order Handling Race Condition NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_92E345D0304D11E78359E8E0B747A45A.NASL description Google Chrome Releases reports : 1 security fix in this release : - [679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke last seen 2020-06-01 modified 2020-06-02 plugin id 99974 published 2017-05-04 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99974 title FreeBSD : chromium -- race condition vulnerability (92e345d0-304d-11e7-8359-e8e0b747a45a) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201706-20.NASL description The remote host is affected by the vulnerability described in GLSA-201706-20 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass security restrictions or spoof content. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 100946 published 2017-06-21 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100946 title GLSA-201706-20 : Chromium: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2017-7D698EBA8B.NASL description Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 ---- Security fix for CVE-2017-5055, CVE-2017-5054, CVE-2017-5052, CVE-2017-5056, CVE-2017-5053 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-06-05 plugin id 100606 published 2017-06-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100606 title Fedora 24 : 1:chromium-native_client / chromium (2017-7d698eba8b) NASL family Fedora Local Security Checks NASL id FEDORA_2017-58CDE32413.NASL description This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5036, CVE-2017-5039, CVE-2017-5040, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046, CVE-2017-5052, CVE-2017-5053, CVE-2017-5055, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, and CVE-2017-5069. Other important changes include : - Based on Chromium 56.0.2924.122 with security fixes from Chromium up to version 58.0.3029.96. (5.8.0 was based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75.) - [QTBUG-54650, QTBUG-59922] Accessibility is now disabled by default on Linux, like it is in Chrome, due to poor options for enabling it conditionally and its heavy performance impact. Set the environment variable `QTWEBENGINE_ENABLE_LINUX_ACCESSIBILITY` to enable it again. - [QTBUG-56531] Enabled `filesystem:` protocol handler. - [QTBUG-57720] Optimized incremental scene-graph rendering in particular for software rendering. - [QTBUG-60049] Enabled brotli support. - Many bug fixes, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/cha nges-5.9.0?h=5.9 for details. In addition, this build includes a fix for https://bugreports.qt.io/browse/QTBUG-61521 , a binary incompatibility in QtWebEngine 5.9.0 compared to 5.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-13 plugin id 101504 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101504 title Fedora 25 : qt5-qtwebengine (2017-58cde32413) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-541.NASL description This update to Chromium 58.0.3029.96 fixes one security issue : - CVE-2017-5068: race condition in WebRTC (bsc#1037594) last seen 2020-06-05 modified 2017-05-08 plugin id 100019 published 2017-05-08 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100019 title openSUSE Security Update : Chromium (openSUSE-2017-541) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1228.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 58.0.3029.96. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5068) last seen 2020-05-31 modified 2017-05-12 plugin id 100144 published 2017-05-12 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100144 title RHEL 6 : chromium-browser (RHSA-2017:1228) NASL family Fedora Local Security Checks NASL id FEDORA_2017-DC7CE3B314.NASL description Update to chromium 58. Move chrome-remote-desktop to user systemd service. Security fixes for CVE-2017-5068, CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-05-23 plugin id 100336 published 2017-05-23 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100336 title Fedora 25 : 1:chromium-native_client / chromium (2017-dc7ce3b314)
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.securityfocus.com/bid/98288
- http://www.securityfocus.com/bid/98288
- https://access.redhat.com/errata/RHSA-2017:1228
- https://access.redhat.com/errata/RHSA-2017:1228
- https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
- https://crbug.com/679306
- https://crbug.com/679306
- https://security.gentoo.org/glsa/201706-20
- https://security.gentoo.org/glsa/201706-20