The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Chrome: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 28.
Creation date: 02/12/2016.
Revisions dates: 01/02/2017, 15/06/2017.
Références of this threat: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability 

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access to victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access to victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness note is important.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 28 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness bulletin.

Solutions for this threat 

Chrome: version 55.0.2883.75.
The version 55.0.2883.75 is fixed:
  https://www.google.com/chrome/

Debian 8: new chromium-browser packages.
New packages are available:
  Debian 8: chromium-browser 55.0.2883.75-1~deb8u1

Fedora: new chromium packages.
New packages are available:
  Fedora 25: chromium 55.0.2883.87-1.fc25
  Fedora 24: chromium 55.0.2883.87-1.fc24

Fedora: new qt5-qtwebengine packages.
New packages are available:
  Fedora 24: qt5-qtwebengine 5.6.3-0.1.20170712gitee719ad313e564.fc24
  Fedora 25: qt5-qtwebengine 5.8.0-8.fc25

openSUSE Leap: new opera packages.
New packages are available:
  openSUSE Leap 42.1: opera 43.0.2442.806-58.1
  openSUSE Leap 42.2: opera 43.0.2442.806-21.1

openSUSE: new chromium packages.
New packages are available:
  openSUSE Leap 42.2: chromium 55.0.2883.75-99.2
  openSUSE Leap 42.1: chromium 55.0.2883.75-99.2
  openSUSE 13.2: chromium 55.0.2883.75-148.1

Opera: version 42.
The version 42 is fixed:
  http://www.opera.com/computer/thanks?ni=stable&os=windows

Opera: version 43.
The version 43 is fixed:
  https://www.opera.com/

RHEL 6: new chromium-browser packages.
New packages are available:
  RHEL 6: chromium-browser 55.0.2883.75-1.el6

SUSE LE 12: new chromium packages.
New packages are available:
  SUSE LE 12 RTM-SP2: chrome 56.0.2924.87-5.1

Ubuntu: new liboxideqtcore0 packages.
New packages are available:
  Ubuntu 16.10: liboxideqtcore0 1.19.4-0ubuntu0.16.10.1
  Ubuntu 16.04 LTS: liboxideqtcore0 1.19.4-0ubuntu0.16.04.1
  Ubuntu 14.04 LTS: liboxideqtcore0 1.19.4-0ubuntu0.14.04.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities announce. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.