CVSS2 : 6.8 Medium
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3 : 8.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS : 0.816 High
Percentile : 98.4%
Severity: Critical
Date : 2017-03-11
CVE-ID : CVE-2017-5029 CVE-2017-5030 CVE-2017-5031 CVE-2017-5032
CVE-2017-5033 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036
CVE-2017-5037 CVE-2017-5038 CVE-2017-5039 CVE-2017-5040
CVE-2017-5042 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045
CVE-2017-5046
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-197
The package chromium before version 57.0.2987.98-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
access restriction bypass and information disclosure.
Upgrade to 57.0.2987.98-1.
The problems have been fixed upstream in version 57.0.2987.98.
Workaround : None.
An integer overflow issue has been found in libxslt, leading to an
out-of-bounds write on 64-bit systems.
A memory corruption flaw was found in the V8 component of the Chromium
browser.
A use-after-free flaw has been found in the ANGLE component of the
Chromium browser.
An out-of-bounds write flaw has been found in the PDFium component of
the Chromium browser.
A flaw allowing a bypass of the content security policy has been found
in the Blink component of the Chromium browser.
A use-after-free flaw has been found in the PDFium component of the
Chromium browser.
An incorrect security UI flaw was found in the Omnibox component of the
Chromium browser.
A use-after-free flaw has been found in the PDFium component of the
Chromium browser.
Multiple out-of-bounds writes have been found in the ChunkDemuxer
component of the Chromium browser.
A use-after-free flaw has been found in the GuestView component of the
Chromium browser.
A use-after-free flaw has been found in the PDFium component of the
Chromium browser.
An information disclosure flaw has been found in the V8 component of
the Chromium browser.
An issue resulting from incorrect handling of cookies has been found in
the Cast component of the Chromium browser.
A use-after-free flaw has been found in the GuestView component of the
Chromium browser.
A heap overflow flaw has been found in the Skia component of the
Chromium browser.
An information disclosure flaw has been found in the XSS Auditor
component of the Chromium browser.
An information disclosure flaw has been found in the Blink component of
the Chromium browser.
A remote attacker can spoof an address in the Omnibox, bypass the
content security policy, access sensitive information and execute
arbitrary code on the affected host.
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
https://crbug.com/676623
https://crbug.com/682194
https://crbug.com/682020
https://crbug.com/668724
https://crbug.com/669086
https://crbug.com/678461
https://crbug.com/688425
https://crbug.com/691371
https://crbug.com/679640
https://crbug.com/695476
https://crbug.com/679649
https://crbug.com/691323
https://crbug.com/671932
https://crbug.com/683523
https://crbug.com/688987
https://crbug.com/667079
https://crbug.com/680409
https://security.archlinux.org/CVE-2017-5029
https://security.archlinux.org/CVE-2017-5030
https://security.archlinux.org/CVE-2017-5031
https://security.archlinux.org/CVE-2017-5032
https://security.archlinux.org/CVE-2017-5033
https://security.archlinux.org/CVE-2017-5034
https://security.archlinux.org/CVE-2017-5035
https://security.archlinux.org/CVE-2017-5036
https://security.archlinux.org/CVE-2017-5037
https://security.archlinux.org/CVE-2017-5038
https://security.archlinux.org/CVE-2017-5039
https://security.archlinux.org/CVE-2017-5040
https://security.archlinux.org/CVE-2017-5042
https://security.archlinux.org/CVE-2017-5043
https://security.archlinux.org/CVE-2017-5044
https://security.archlinux.org/CVE-2017-5045
https://security.archlinux.org/CVE-2017-5046