SB2017110701 - Debian update for chromium-browser
Published: November 7, 2017 Updated: June 14, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 secuirty vulnerabilities.
1) Universal XSS (CVE-ID: CVE-2017-5124)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the link modal due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary MHTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Heap-based buffer overflow (CVE-ID: CVE-2017-5125)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Use-after-free error (CVE-ID: CVE-2017-5126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Use-after-free error (CVE-ID: CVE-2017-5127)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Heap-based buffer overflow (CVE-ID: CVE-2017-5128)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow in WebGLk. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Use-after-free error (CVE-ID: CVE-2017-5129)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in WebAudio. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Out-of-bounds write (CVE-ID: CVE-2017-5131)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website trigger out-of-bounds error and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
8) Memory corruption (CVE-ID: CVE-2017-5132)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to incorrect stack manipulation in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
9) Out-of-bounds write (CVE-ID: CVE-2017-5133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website trigger out-of-bounds error and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
10) Spoofing attack (CVE-ID: CVE-2017-15386)
The disclosed vulnerability allows a remote attacker to conduct spoofing attacks.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and spoof the UI.
11) Spoofing attack (CVE-ID: CVE-2017-15387)
The disclosed vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and bypass content security restrictions.
12) Out-of-bounds read (CVE-ID: CVE-2017-15388)
The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read in Skia. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.
13) Spoofing attack (CVE-ID: CVE-2017-15389)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
14) Spoofing attack (CVE-ID: CVE-2017-15390)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
15) Security restrictions bypass (CVE-ID: CVE-2017-15391)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Extensions. A remote attacker can trick the victim into visiting a specially crafted website and bypass extension limitation.
16) Security restrictions bypass (CVE-ID: CVE-2017-15392)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to incorrect registry key handling in PlatformIntegration. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.
17) Memory leak (CVE-ID: CVE-2017-15393)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to referrer leak in Devtools. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary files on the target system.
18) Spoofing attack (CVE-ID: CVE-2017-15394)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in extensions UI. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
19) Null pointer dereference (CVE-ID: CVE-2017-15395)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to null pointer dereference in ImageCapture. A remote attacker can trick the victim into visiting a specially crafted website, trigger null pointer dereference and cause the application to crash.
20) Stack-based buffer overflow (CVE-ID: CVE-2017-15396)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to stack-based buffer overflow in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the system to crash.
Remediation
Install update from vendor's website.