SB2017121813 - Fedora 26 update for chromium 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017121813

SB2017121813 - Fedora 26 update for chromium

Published: December 18, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017121813
Severity
High
Patch available
YES
Number of vulnerabilities 42
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 43% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 42 secuirty vulnerabilities.


1) Use-after-free error (CVE-ID: CVE-2017-15412)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in libXML. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

2) Integer overflow (CVE-ID: CVE-2017-15422)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to integer overflow in ICU. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

3) Out-of-bounds write (CVE-ID: CVE-2017-15407)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write in QUIC. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

4) Heap-based buffer overflow (CVE-ID: CVE-2017-15408)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

5) Out-of-bounds write (CVE-ID: CVE-2017-15409)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

6) Use-after-free error (CVE-ID: CVE-2017-15410)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

7) Use-after-free error (CVE-ID: CVE-2017-15411)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

8) Type confusion (CVE-ID: CVE-2017-15413)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

9) Information disclosure (CVE-ID: CVE-2017-15415)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to pointer information disclosure in IPC call. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

10) Out-of-bounds read (CVE-ID: CVE-2017-15416)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in Blink. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

11) Information disclosure (CVE-ID: CVE-2017-15417)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to cross origin information disclosure in Skia. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

12) Information disclosure (CVE-ID: CVE-2017-15418)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to use of uninitialized value in Skia. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

13) Memory leak (CVE-ID: CVE-2017-15419)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to cross origin leak of redirect URL in Blink. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary data from system memory.

Successful exploitation of the vulnerability results in information disclosure.

14) Spoofing attack (CVE-ID: CVE-2017-15420)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


15) Security restrictions bypass (CVE-ID: CVE-2017-15423)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an issue with SPAKE implementation in BoringSSL. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.

16) Spoofing attack (CVE-ID: CVE-2017-15424)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


17) Spoofing attack (CVE-ID: CVE-2017-15425)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


18) Spoofing attack (CVE-ID: CVE-2017-15426)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


19) Security restrictions bypass (CVE-ID: CVE-2017-15427)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient blocking of JavaScript in Omnibox. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.

20) Universal cross-site scripting (CVE-ID: CVE-2017-15429)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in V8 due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


21) Stack-based buffer overflow (CVE-ID: CVE-2017-15398)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in QUIC. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

22) Use-after-free error (CVE-ID: CVE-2017-15399)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

23) Spoofing attack (CVE-ID: CVE-2017-15386)

The disclosed vulnerability allows a remote attacker to conduct spoofing attacks.

The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and spoof the UI.


24) Spoofing attack (CVE-ID: CVE-2017-15387)

The disclosed vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in Blink. A remote attacker can trick the victim into visiting a specially crafted website and bypass content security restrictions.


25) Out-of-bounds read (CVE-ID: CVE-2017-15388)

The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to out-of-bounds read in Skia. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data.


26) Spoofing attack (CVE-ID: CVE-2017-15389)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


27) Spoofing attack (CVE-ID: CVE-2017-15390)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.

Successful exploitation of the vulnerability results in address spoofing.


28) Security restrictions bypass (CVE-ID: CVE-2017-15391)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in Extensions. A remote attacker can trick the victim into visiting a specially crafted website and bypass extension limitation.


29) Security restrictions bypass (CVE-ID: CVE-2017-15392)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to incorrect registry key handling in PlatformIntegration. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.


30) Memory leak (CVE-ID: CVE-2017-15393)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to referrer leak in Devtools. A remote attacker can trick the victim into visiting a specially crafted website and read arbitrary files on the target system.


31) Spoofing attack (CVE-ID: CVE-2017-15394)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to URL spoofing in extensions UI. A remote attacker can trick the victim into visiting a specially crafted website and conduct domain spoofing attacks.


32) Null pointer dereference (CVE-ID: CVE-2017-15395)

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to null pointer dereference in ImageCapture. A remote attacker can trick the victim into visiting a specially crafted website, trigger null pointer dereference and cause the application to crash.


33) Universal XSS (CVE-ID: CVE-2017-5124)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the link modal due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary MHTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


34) Heap-based buffer overflow (CVE-ID: CVE-2017-5125)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

35) Use-after-free error (CVE-ID: CVE-2017-5126)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

36) Use-after-free error (CVE-ID: CVE-2017-5127)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in PDFium. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

37) Out-of-bounds write (CVE-ID: CVE-2017-5133)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website trigger out-of-bounds error and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

38) Out-of-bounds write (CVE-ID: CVE-2017-5131)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to out-of-bounds write in Skia. A remote attacker can trick the victim into visiting a specially crafted website trigger out-of-bounds error and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

39) Heap-based buffer overflow (CVE-ID: CVE-2017-5130)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in libxml2. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

40) Memory corruption (CVE-ID: CVE-2017-5132)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to incorrect stack manipulation in WebAssembly. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

41) Use-after-free error (CVE-ID: CVE-2017-5129)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in WebAudio. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

42) Heap-based buffer overflow (CVE-ID: CVE-2017-5128)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in WebGLk. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References