Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 3926-1 (chromium-browser - security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue. CVE-2017-5091 Ned Williamson discovered a use-after-free issue in IndexedDB. CVE-2017-5092 Yu Zhou discovered a use-after-free issue in PPAPI. CVE-2017-5093 Luan Herrera discovered a user interface spoofing issue. CVE-2017-5094 A type confusion issue was discovered in extensions. CVE-2017-5095 An out-of-bounds write issue was discovered in the pdfium library. CVE-2017-5097 An out-of-bounds read issue was discovered in the skia library. CVE-2017-5098 Jihoon Kim discover a use-after-free issue in the v8 javascript library. CVE-2017-5099 Yuan Deng discovered an out-of-bounds write issue in PPAPI. CVE-2017-5100 A use-after-free issue was discovered in Chrome Apps. CVE-2017-5101 Luan Herrera discovered a URL spoofing issue. CVE-2017-5102 An uninitialized variable was discovered in the skia library. CVE-2017-5103 Another uninitialized variable was discovered in the skia library. CVE-2017-5104 Khalil Zhani discovered a user interface spoofing issue. CVE-2017-5105 Rayyan Bijoora discovered a URL spoofing issue. CVE-2017-5106 Jack Zac discovered a URL spoofing issue. CVE-2017-5107 David Kohlbrenner discovered an information leak in SVG file handling. CVE-2017-5108 Guang Gong discovered a type confusion issue in the pdfium library. CVE-2017-5109 Jose Maria Acuna Morgado discovered a user interface spoofing issue. CVE-2017-5110 xisigr discovered a way to spoof the payments dialog. CVE-2017-7000 Chaitin Security Research Lab discovered an information disclosure issue in the sqlite library.
Affected Software
Affected Software
chromium-browser on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For the stable distribution (stretch), these problems have been fixed in version 60.0.3112.78-1~deb9u1. For the unstable distribution (sid), these problems have been fixed in version 60.0.3112.78-1 or earlier versions. We recommend that you upgrade your chromium-browser packages.
Common Vulnerabilities and Exposures (CVE)
- CVE-2017-5087
- CVE-2017-5088
- CVE-2017-5089
- CVE-2017-5091
- CVE-2017-5092
- CVE-2017-5093
- CVE-2017-5094
- CVE-2017-5095
- CVE-2017-5097
- CVE-2017-5098
- CVE-2017-5099
- CVE-2017-5100
- CVE-2017-5101
- CVE-2017-5102
- CVE-2017-5103
- CVE-2017-5104
- CVE-2017-5105
- CVE-2017-5106
- CVE-2017-5107
- CVE-2017-5108
- CVE-2017-5109
- CVE-2017-5110
- CVE-2017-7000