CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
98.7%
Severity: Critical
Date : 2017-06-07
CVE-ID : CVE-2017-5070 CVE-2017-5071 CVE-2017-5072 CVE-2017-5073
CVE-2017-5074 CVE-2017-5075 CVE-2017-5076 CVE-2017-5077
CVE-2017-5078 CVE-2017-5079 CVE-2017-5080 CVE-2017-5081
CVE-2017-5082 CVE-2017-5083 CVE-2017-5085 CVE-2017-5086
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-289
The package chromium before version 59.0.3071.86-1 is vulnerable to
multiple issues including arbitrary code execution, arbitrary command
execution, authentication bypass, content spoofing, information
disclosure, cross-site scripting and insufficient validation.
Upgrade to 59.0.3071.86-1.
The problems have been fixed upstream in version 59.0.3071.86.
None.
A type confusion flaw has been found in the V8 component of the
Chromium browser.
An out of bounds read flaw has been found in the V8 component of the
Chromium browser.
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
A use-after-free flaw has been found in the print preview component of
the Chromium browser.
A use-after-free flaw has been found in the Apps Bluetooth component of
the Chromium browser.
An information leak flaw has been found in the CSP reporting component
of the Chromium browser.
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
A heap buffer overflow flaw was found in the Skia component of the
Chromium browser.
A possible command injection flaw has been found in the mailto handling
component of the Chromium browser.
A UI spoofing flaw has been found in the Blink component of the
Chromium browser.
A use-after-free flaw has been found in the credit card autofill
component of the Chromium browser.
A extension verification bypass has been found in the Chromium browser.
An insufficient hardening flaw has been found in the credit card editor
component of the Chromium browser.
A UI spoofing flaw has been found in the Blink component of the
Chromium browser.
A security issue has been found in the Chromium browser, where
javascript is inappropriately executed on WebUI pages
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
A remote attacker can access sensitive information, spoof content,
bypass security measures and execute arbitrary code and commands on the
affected host.
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=722756
https://bugs.chromium.org/p/chromium/issues/detail?id=715582
https://bugs.chromium.org/p/chromium/issues/detail?id=709417
https://bugs.chromium.org/p/chromium/issues/detail?id=716474
https://bugs.chromium.org/p/chromium/issues/detail?id=700040
https://bugs.chromium.org/p/chromium/issues/detail?id=678776
https://bugs.chromium.org/p/chromium/issues/detail?id=719199
https://bugs.chromium.org/p/chromium/issues/detail?id=716311
https://bugs.chromium.org/p/chromium/issues/detail?id=711020
https://bugs.chromium.org/p/chromium/issues/detail?id=713686
https://bugs.chromium.org/p/chromium/issues/detail?id=708819
https://bugs.chromium.org/p/chromium/issues/detail?id=672008
https://bugs.chromium.org/p/chromium/issues/detail?id=721579
https://bugs.chromium.org/p/chromium/issues/detail?id=714849
https://bugs.chromium.org/p/chromium/issues/detail?id=692378
https://bugs.chromium.org/p/chromium/issues/detail?id=722639
https://security.archlinux.org/CVE-2017-5070
https://security.archlinux.org/CVE-2017-5071
https://security.archlinux.org/CVE-2017-5072
https://security.archlinux.org/CVE-2017-5073
https://security.archlinux.org/CVE-2017-5074
https://security.archlinux.org/CVE-2017-5075
https://security.archlinux.org/CVE-2017-5076
https://security.archlinux.org/CVE-2017-5077
https://security.archlinux.org/CVE-2017-5078
https://security.archlinux.org/CVE-2017-5079
https://security.archlinux.org/CVE-2017-5080
https://security.archlinux.org/CVE-2017-5081
https://security.archlinux.org/CVE-2017-5082
https://security.archlinux.org/CVE-2017-5083
https://security.archlinux.org/CVE-2017-5085
https://security.archlinux.org/CVE-2017-5086
bugs.chromium.org/p/chromium/issues/detail?id=672008
bugs.chromium.org/p/chromium/issues/detail?id=678776
bugs.chromium.org/p/chromium/issues/detail?id=692378
bugs.chromium.org/p/chromium/issues/detail?id=700040
bugs.chromium.org/p/chromium/issues/detail?id=708819
bugs.chromium.org/p/chromium/issues/detail?id=709417
bugs.chromium.org/p/chromium/issues/detail?id=711020
bugs.chromium.org/p/chromium/issues/detail?id=713686
bugs.chromium.org/p/chromium/issues/detail?id=714849
bugs.chromium.org/p/chromium/issues/detail?id=715582
bugs.chromium.org/p/chromium/issues/detail?id=716311
bugs.chromium.org/p/chromium/issues/detail?id=716474
bugs.chromium.org/p/chromium/issues/detail?id=719199
bugs.chromium.org/p/chromium/issues/detail?id=721579
bugs.chromium.org/p/chromium/issues/detail?id=722639
bugs.chromium.org/p/chromium/issues/detail?id=722756
chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
security.archlinux.org/AVG-289
security.archlinux.org/CVE-2017-5070
security.archlinux.org/CVE-2017-5071
security.archlinux.org/CVE-2017-5072
security.archlinux.org/CVE-2017-5073
security.archlinux.org/CVE-2017-5074
security.archlinux.org/CVE-2017-5075
security.archlinux.org/CVE-2017-5076
security.archlinux.org/CVE-2017-5077
security.archlinux.org/CVE-2017-5078
security.archlinux.org/CVE-2017-5079
security.archlinux.org/CVE-2017-5080
security.archlinux.org/CVE-2017-5081
security.archlinux.org/CVE-2017-5082
security.archlinux.org/CVE-2017-5083
security.archlinux.org/CVE-2017-5085
security.archlinux.org/CVE-2017-5086
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
98.7%