SB2017121202 - Debian update for chromium-browser
Published: December 12, 2017 Updated: July 1, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2017-15407)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write in QUIC. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
2) Heap-based buffer overflow (CVE-ID: CVE-2017-15408)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Out-of-bounds write (CVE-ID: CVE-2017-15409)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Use-after-free error (CVE-ID: CVE-2017-15410)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Use-after-free error (CVE-ID: CVE-2017-15411)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Type confusion (CVE-ID: CVE-2017-15413)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Information disclosure (CVE-ID: CVE-2017-15415)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to pointer information disclosure in IPC call. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.
Successful exploitation of the vulnerability results in information disclosure.
8) Out-of-bounds read (CVE-ID: CVE-2017-15416)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to out-of-bounds read in Blink. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.
Successful exploitation of the vulnerability results in information disclosure.
9) Information disclosure (CVE-ID: CVE-2017-15417)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to cross origin information disclosure in Skia. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.
Successful exploitation of the vulnerability results in information disclosure.
10) Information disclosure (CVE-ID: CVE-2017-15418)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to use of uninitialized value in Skia. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.
Successful exploitation of the vulnerability results in information disclosure.
11) Memory leak (CVE-ID: CVE-2017-15419)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to cross origin leak of redirect URL in Blink. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.
Successful exploitation of the vulnerability results in information disclosure.
12) Spoofing attack (CVE-ID: CVE-2017-15420)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
13) Security restrictions bypass (CVE-ID: CVE-2017-15423)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to an issue with SPAKE implementation in BoringSSL. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.
14) Spoofing attack (CVE-ID: CVE-2017-15424)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
15) Spoofing attack (CVE-ID: CVE-2017-15425)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
16) Spoofing attack (CVE-ID: CVE-2017-15426)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.
Successful exploitation of the vulnerability results in address spoofing.
17) Security restrictions bypass (CVE-ID: CVE-2017-15427)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient blocking of JavaScript in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.
Remediation
Install update from vendor's website.