The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Chromium

vulnerability announce CVE-2017-15429

Chrome: Cross Site Scripting of V8

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of V8, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 15/12/2017.
Identifiers: CERTFR-2017-AVI-475, CVE-2017-15429, DSA-4103-1, FEDORA-2017-c2645aa935, FEDORA-2017-ea44f172e3, FEDORA-2018-024afa2d48, FEDORA-2018-44e1c23700, openSUSE-SU-2017:3344-1, openSUSE-SU-2017:3346-1, RHSA-2017:3479-01, VIGILANCE-VUL-24782.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of V8, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-15412

libxml2: use after free via xmlXPathCompOpEvalPositionalPredicate

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPathCompOpEvalPositionalPredicate() of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, libxml, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/12/2017.
Identifiers: CVE-2017-15412, DLA-1211-1, DSA-4064-1, DSA-4086-1, FEDORA-2017-c2645aa935, FEDORA-2017-ea44f172e3, FEDORA-2018-faff5f661e, openSUSE-SU-2017:3244-1, openSUSE-SU-2017:3245-1, openSUSE-SU-2018:0418-1, RHSA-2017:3401-01, USN-3513-1, USN-3513-2, VIGILANCE-VUL-24762.

Description of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPathCompOpEvalPositionalPredicate() of libxml2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-5130

libxml2: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Chrome, openSUSE Leap, Opera, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/11/2017.
Identifiers: CVE-2017-5130, DLA-1188-1, openSUSE-SU-2017:3245-1, openSUSE-SU-2018:0418-1, VIGILANCE-VUL-24523.

Description of the vulnerability

An attacker can generate a memory corruption of libxml2, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-15398 CVE-2017-15399

Google Chrome: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/11/2017.
Identifiers: CERTFR-2017-AVI-395, CVE-2017-15398, CVE-2017-15399, DSA-4024-1, FEDORA-2017-f2f3fa09e3, openSUSE-SU-2017:2953-1, openSUSE-SU-2017:3245-1, RHSA-2017:3151-01, VIGILANCE-VUL-24361.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15396

V8: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of V8, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 27/10/2017.
Identifiers: CERTFR-2017-AVI-382, CVE-2017-15396, DSA-4020-1, FEDORA-2018-faff5f661e, openSUSE-SU-2017:2902-1, openSUSE-SU-2017:3245-1, RHSA-2017:3082-01, VIGILANCE-VUL-24258.

Description of the vulnerability

An attacker can generate a buffer overflow of V8, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-15386 CVE-2017-15387 CVE-2017-15388

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 19.
Creation date: 18/10/2017.
Identifiers: CERTFR-2017-AVI-364, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133, DSA-4020-1, FEDORA-2017-15b815b9b7, FEDORA-2017-4d90e9fc97, FEDORA-2017-9015553e3d, FEDORA-2017-f2f3fa09e3, FG-VD-17-154, openSUSE-SU-2017:2902-1, openSUSE-SU-2017:3245-1, RHSA-2017:2997-01, VIGILANCE-VUL-24168.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-5121 CVE-2017-5122

Google Chrome: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/09/2017.
Identifiers: CERTFR-2017-AVI-318, CVE-2017-5121, CVE-2017-5122, DSA-3985-1, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2557-1, openSUSE-SU-2017:2558-1, RHSA-2017:2792-01, VIGILANCE-VUL-23907.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5121]

An attacker can generate a memory corruption via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5122]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-5111 CVE-2017-5112 CVE-2017-5113

Google Chrome: multiple vulnerabilities of September 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 06/09/2017.
Identifiers: CERTFR-2017-AVI-284, CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, DSA-3985-1, FEDORA-2017-4f9bb0861b, FEDORA-2017-580f91f6b0, FEDORA-2017-9a7e562fca, FEDORA-2017-efeb59171d, openSUSE-SU-2017:2482-1, openSUSE-SU-2017:2491-1, RHSA-2017:2676-01, VIGILANCE-VUL-23742.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-7000

SQLite: information disclosure via Pointer Disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Pointer Disclosure of SQLite, in order to obtain sensitive information.
Impacted products: Mac OS X, Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SQLite, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/08/2017.
Identifiers: 1475207, CVE-2017-7000, DSA-3926-1, FEDORA-2017-571e659c85, FEDORA-2017-5f2b220c7c, FEDORA-2017-c708c044e3, FEDORA-2017-f79ae2b96f, HT207797, openSUSE-SU-2017:1993-1, openSUSE-SU-2017:1994-1, RHSA-2017:1833-01, VIGILANCE-VUL-23528.

Description of the vulnerability

An attacker can bypass access restrictions to data via Pointer Disclosure of SQLite, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-5091 CVE-2017-5092 CVE-2017-5093

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 26/07/2017.
Identifiers: CERTFR-2017-AVI-236, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, DSA-3926-1, FEDORA-2017-4f9bb0861b, FEDORA-2017-580f91f6b0, FEDORA-2017-9a7e562fca, FEDORA-2017-c708c044e3, FEDORA-2017-f79ae2b96f, openSUSE-SU-2017:1993-1, openSUSE-SU-2017:1994-1, RHSA-2017:1833-01, VIGILANCE-VUL-23365.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Chromium: