Test ID:	1.3.6.1.4.1.25623.1.0.703660
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3660-1)
Summary:	The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3660-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-3660-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5147 A cross-site scripting issue was discovered. CVE-2016-5148 Another cross-site scripting issue was discovered. CVE-2016-5149 Max Justicz discovered a script injection issue in extension handling. CVE-2016-5150 A use-after-free issue was discovered in Blink/Webkit. CVE-2016-5151 A use-after-free issue was discovered in the pdfium library. CVE-2016-5152 GiWan Go discovered a heap overflow issue in the pdfium library. CVE-2016-5153 Atte Kettunen discovered a use-after-destruction issue. CVE-2016-5154 A heap overflow issue was discovered in the pdfium library. CVE-2016-5155 An address bar spoofing issue was discovered. CVE-2016-5156 jinmo123 discovered a use-after-free issue. CVE-2016-5157 A heap overflow issue was discovered in the pdfium library. CVE-2016-5158 GiWan Go discovered a heap overflow issue in the pdfium library. CVE-2016-5159 GiWan Go discovered another heap overflow issue in the pdfium library. CVE-2016-5160 @l33terally discovered an extensions resource bypass. CVE-2016-5161 A type confusion issue was discovered. CVE-2016-5162 Nicolas Golubovic discovered an extensions resource bypass. CVE-2016-5163 Rafay Baloch discovered an address bar spoofing issue. CVE-2016-5164 A cross-site scripting issue was discovered in the developer tools. CVE-2016-5165 Gregory Panakkal discovered a script injection issue in the developer tools. CVE-2016-5166 Gregory Panakkal discovered an issue with the Save Page As feature. CVE-2016-5167 The chrome development team found and fixed various issues during internal auditing. For the stable distribution (jessie), these problems have been fixed in version 53.0.2785.89-1~ deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 53.0.2785.89-1. We recommend that you upgrade your chromium-browser packages. Affected Software/OS: 'chromium-browser' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5147 BugTraq ID: 92717 http://www.securityfocus.com/bid/92717 Debian Security Information: DSA-3660 (Google Search) http://www.debian.org/security/2016/dsa-3660 https://security.gentoo.org/glsa/201610-09 RedHat Security Advisories: RHSA-2016:1854 http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.securitytracker.com/id/1036729 SuSE Security Announcement: SUSE-SU-2016:2251 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html SuSE Security Announcement: openSUSE-SU-2016:2250 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html SuSE Security Announcement: openSUSE-SU-2016:2296 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html SuSE Security Announcement: openSUSE-SU-2016:2349 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5148 Common Vulnerability Exposure (CVE) ID: CVE-2016-5149 Common Vulnerability Exposure (CVE) ID: CVE-2016-5150 Common Vulnerability Exposure (CVE) ID: CVE-2016-5151 Common Vulnerability Exposure (CVE) ID: CVE-2016-5152 Debian Security Information: DSA-4013 (Google Search) http://www.debian.org/security/2017/dsa-4013 Common Vulnerability Exposure (CVE) ID: CVE-2016-5153 Common Vulnerability Exposure (CVE) ID: CVE-2016-5154 Common Vulnerability Exposure (CVE) ID: CVE-2016-5155 Common Vulnerability Exposure (CVE) ID: CVE-2016-5156 Common Vulnerability Exposure (CVE) ID: CVE-2016-5157 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/ http://www.openwall.com/lists/oss-security/2016/09/08/5 Common Vulnerability Exposure (CVE) ID: CVE-2016-5158 RedHat Security Advisories: RHSA-2017:0559 http://rhn.redhat.com/errata/RHSA-2017-0559.html RedHat Security Advisories: RHSA-2017:0838 http://rhn.redhat.com/errata/RHSA-2017-0838.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5159 Debian Security Information: DSA-3768 (Google Search) http://www.debian.org/security/2017/dsa-3768 Common Vulnerability Exposure (CVE) ID: CVE-2016-5160 Common Vulnerability Exposure (CVE) ID: CVE-2016-5161 http://zerodayinitiative.com/advisories/ZDI-16-501/ Common Vulnerability Exposure (CVE) ID: CVE-2016-5162 Common Vulnerability Exposure (CVE) ID: CVE-2016-5163 https://crbug.com/495933 Common Vulnerability Exposure (CVE) ID: CVE-2016-5164 Common Vulnerability Exposure (CVE) ID: CVE-2016-5165 Common Vulnerability Exposure (CVE) ID: CVE-2016-5166 Common Vulnerability Exposure (CVE) ID: CVE-2016-5167
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.