CVSS2
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Percentile : 90.7%

Severity: Critical
Date : 2017-12-07
CVE-ID : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415
CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419
CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-544

The package chromium before version 63.0.3239.84-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
information disclosure and access restriction bypass.

Upgrade to 63.0.3239.84-1.
The problems have been fixed upstream in version 63.0.3239.84.

Workaround : None.

An out of bounds write has been found in the QUIC component of the
Chromium browser before 63.0.3239.84.

A heap-based buffer overflow has been found in the PDFium component of
the Chromium browser before 63.0.3239.84.

An out of bounds write has been found in the Skia component of the
Chromium browser before 63.0.3239.84.

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

A use after free has been found in the libxml component of the Chromium
browser before 63.0.3239.84.

A type confusion has been found in the WebAssembly component of the
Chromium browser before 63.0.3239.84.

A pointer information disclosure has been found in the IPC call
component of the Chromium browser before 63.0.3239.84.

An out of bounds read has been found in the Blink component of the
Chromium browser before 63.0.3239.84.

A cross-origin information disclosure has been found in the Skia
component of the Chromium browser before 63.0.3239.84.

A use of uninitialized value has been found in the Skia component of
the Chromium browser before 63.0.3239.84.

A cross-origin leak of redirect URL has been found in the Blink
component of the Chromium browser before 63.0.3239.84.

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

An integer overflow has been found in the ICU component of the Chromium
browser before 63.0.3239.84.

An information disclosure issue has been found in the SPAKE
implementation of the BoringSSL component of the Chromium browser
before 63.0.3239.84.

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

An insufficient blocking of JavaScript issue has been found in the
Omnibox component of the Chromium browser before 63.0.3239.84.

A remote attacker can execute arbitrary code on the affected host,
spoof the URL, access sensitive information and bypass security
measures.

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/778505
https://crbug.com/762374
https://crbug.com/763972
https://crbug.com/765921
https://crbug.com/770148
https://crbug.com/727039
https://crbug.com/766666
https://crbug.com/765512
https://crbug.com/779314
https://crbug.com/699028
https://crbug.com/765858
https://crbug.com/780312
https://crbug.com/777419
https://crbug.com/774382
https://github.com/google/boringssl/commit/696c13bd6ab78011adfe7b775519c8b7cc82b604
https://crbug.com/778101
https://crbug.com/756226
https://crbug.com/756456
https://crbug.com/756735
https://crbug.com/768910
https://security.archlinux.org/CVE-2017-15407
https://security.archlinux.org/CVE-2017-15408
https://security.archlinux.org/CVE-2017-15409
https://security.archlinux.org/CVE-2017-15410
https://security.archlinux.org/CVE-2017-15411
https://security.archlinux.org/CVE-2017-15412
https://security.archlinux.org/CVE-2017-15413
https://security.archlinux.org/CVE-2017-15415
https://security.archlinux.org/CVE-2017-15416
https://security.archlinux.org/CVE-2017-15417
https://security.archlinux.org/CVE-2017-15418
https://security.archlinux.org/CVE-2017-15419
https://security.archlinux.org/CVE-2017-15420
https://security.archlinux.org/CVE-2017-15422
https://security.archlinux.org/CVE-2017-15423
https://security.archlinux.org/CVE-2017-15424
https://security.archlinux.org/CVE-2017-15425
https://security.archlinux.org/CVE-2017-15426
https://security.archlinux.org/CVE-2017-15427