Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 3776-1 (chromium-browser - security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue. CVE-2017-5009 Sean Stanek and Chip Bradford discovered an out-of-bounds memory issue in the webrtc library. CVE-2017-5010 Mariusz Mlynski discovered a fourth cross-site scripting issue. CVE-2017-5011 Khalil Zhani discovered a way to access unauthorized files in the developer tools. CVE-2017-5012 Gergely Nagy discovered a heap overflow issue in the v8 javascript library. CVE-2017-5013 Haosheng Wang discovered a URL spoofing issue. CVE-2017-5014 sweetchip discovered a heap overflow issue in the skia library. CVE-2017-5015 Armin Razmdjou discovered a URL spoofing issue. CVE-2017-5016 Haosheng Wang discovered another URL spoofing issue. CVE-2017-5017 danberm discovered an uninitialized memory issue in support for webm video files. CVE-2017-5018 Rob Wu discovered a cross-site scripting issue. CVE-2017-5019 Wadih Matar discovered a use-after-free issue. CVE-2017-5020 Rob Wu discovered another cross-site scripting issue. CVE-2017-5021 Rob Wu discovered a use-after-free issue in extensions. CVE-2017-5022 PKAV Team discovered a way to bypass the Content Security Policy. CVE-2017-5023 UK's National Cyber Security Centre (NCSC) discovered a type confusion issue. CVE-2017-5024 Paul Mehta discovered a heap overflow issue in the ffmpeg library. CVE-2017-5025 Paul Mehta discovered another heap overflow issue in the ffmpeg library. CVE-2017-5026 Ronni Skansing discovered a user interface spoofing issue.
Affected Software
Affected Software
chromium-browser on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the stable distribution (jessie), these problems have been fixed in version 56.0.2924.76-1~deb8u1. For the testing (stretch) and unstable (sid) distributions, these problems will be fixed soon. We recommend that you upgrade your chromium-browser packages.