Test ID:	1.3.6.1.4.1.25623.1.0.704330
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4330-1)
Summary:	The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-4330-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'chromium-browser' package(s) announced via the DSA-4330-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in the chromium web browser. CVE-2018-5179 Yannic Boneberger discovered an error in the ServiceWorker implementation. CVE-2018-17462 Ned Williamson and Niklas Baumstark discovered a way to escape the sandbox. CVE-2018-17463 Ned Williamson and Niklas Baumstark discovered a remote code execution issue in the v8 javascript library. CVE-2018-17464 xisigr discovered a URL spoofing issue. CVE-2018-17465 Lin Zuojian discovered a use-after-free issue in the v8 javascript library. CVE-2018-17466 Omair discovered a memory corruption issue in the angle library. CVE-2018-17467 Khalil Zhani discovered a URL spoofing issue. CVE-2018-17468 Jams Lee discovered an information disclosure issue. CVE-2018-17469 Zhen Zhou discovered a buffer overflow issue in the pdfium library. CVE-2018-17470 Zhe Jin discovered a memory corruption issue in the GPU backend implementation. CVE-2018-17471 Lnyas Zhang discovered an issue with the full screen user interface. CVE-2018-17473 Khalil Zhani discovered a URL spoofing issue. CVE-2018-17474 Zhe Jin discovered a use-after-free issue. CVE-2018-17475 Vladimir Metnew discovered a URL spoofing issue. CVE-2018-17476 Khalil Zhani discovered an issue with the full screen user interface. CVE-2018-17477 Aaron Muir Hamilton discovered a user interface spoofing issue in the extensions pane. This update also fixes a buffer overflow in the embedded lcms library included with chromium. For the stable distribution (stretch), these problems have been fixed in version 70.0.3538.67-1~ deb9u1. We recommend that you upgrade your chromium-browser packages. For the detailed security status of chromium-browser please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'chromium-browser' package(s) on Debian 9. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-17462 BugTraq ID: 105666 http://www.securityfocus.com/bid/105666 Debian Security Information: DSA-4330 (Google Search) https://www.debian.org/security/2018/dsa-4330 https://security.gentoo.org/glsa/201811-10 https://crbug.com/888926 RedHat Security Advisories: RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3004 Common Vulnerability Exposure (CVE) ID: CVE-2018-17463 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html https://crbug.com/888923 Common Vulnerability Exposure (CVE) ID: CVE-2018-17464 https://crbug.com/887273 Common Vulnerability Exposure (CVE) ID: CVE-2018-17465 https://crbug.com/870226 Common Vulnerability Exposure (CVE) ID: CVE-2018-17466 BugTraq ID: 106168 http://www.securityfocus.com/bid/106168 Debian Security Information: DSA-4354 (Google Search) https://www.debian.org/security/2018/dsa-4354 Debian Security Information: DSA-4362 (Google Search) https://www.debian.org/security/2019/dsa-4362 https://crbug.com/880906 https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html RedHat Security Advisories: RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3831 RedHat Security Advisories: RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2018:3833 RedHat Security Advisories: RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0159 RedHat Security Advisories: RHSA-2019:0160 https://access.redhat.com/errata/RHSA-2019:0160 https://usn.ubuntu.com/3844-1/ https://usn.ubuntu.com/3868-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-17467 https://crbug.com/844881 Common Vulnerability Exposure (CVE) ID: CVE-2018-17468 https://crbug.com/876822 Common Vulnerability Exposure (CVE) ID: CVE-2018-17469 https://crbug.com/880675 Common Vulnerability Exposure (CVE) ID: CVE-2018-17470 https://crbug.com/877874 Common Vulnerability Exposure (CVE) ID: CVE-2018-17471 https://crbug.com/873080 Common Vulnerability Exposure (CVE) ID: CVE-2018-17472 https://crbug.com/822518 Common Vulnerability Exposure (CVE) ID: CVE-2018-17473 https://crbug.com/882078 Common Vulnerability Exposure (CVE) ID: CVE-2018-17474 https://crbug.com/843151 Common Vulnerability Exposure (CVE) ID: CVE-2018-17475 https://crbug.com/852634 Common Vulnerability Exposure (CVE) ID: CVE-2018-17476 https://crbug.com/812769 Common Vulnerability Exposure (CVE) ID: CVE-2018-17477 https://crbug.com/863703 Common Vulnerability Exposure (CVE) ID: CVE-2018-20071 https://crbug.com/853937 Common Vulnerability Exposure (CVE) ID: CVE-2018-5179 https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.