Vulnerability & Exploit Database

Back to search

FreeBSD: VID-1D951E85-FFDB-11E7-8B91-E8E0B747A45A (CVE-2017-15411): chromium -- multiple vulnerabilities

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 06, 2017 January 24, 2018 January 24, 2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-1D951E85-FFDB-11E7-8B91-E8E0B747A45A:

Google Chrome Releases reports:

37 security fixes in this release, including:

[778505] Critical CVE-2017-15407: Out of bounds write in QUIC. Reported by

Ned Williamson on 2017-10-26

[762374] High CVE-2017-15408: Heap buffer overflow in PDFium. Reported by

Ke Liu of Tencent's Xuanwu LAB on 2017-09-06

[763972] High CVE-2017-15409: Out of bounds write in Skia. Reported by

Anonymous on 2017-09-11

[765921] High CVE-2017-15410: Use after free in PDFium. Reported by

Luat Nguyen of KeenLab, Tencent on 2017-09-16

[770148] High CVE-2017-15411: Use after free in PDFium. Reported by

Luat Nguyen of KeenLab, Tencent on 2017-09-29

[727039] High CVE-2017-15412: Use after free in libXML. Reported by

Nick Wellnhofer on 2017-05-27

[766666] High CVE-2017-15413: Type confusion in WebAssembly. Reported by

Gaurav Dewan of Adobe Systems India Pvt. Ltd. on 2017-09-19

[765512] Medium CVE-2017-15415: Pointer information disclosure in IPC call.

Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15

[779314] Medium CVE-2017-15416: Out of bounds read in Blink. Reported by

Ned Williamson on 2017-10-28

[699028] Medium CVE-2017-15417: Cross origin information disclosure in Skia.

Reported by Max May on 2017-03-07

[765858] Medium CVE-2017-15418: Use of uninitialized value in Skia. Reported by

Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-09-15

[780312] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.

Reported by Jun Kokatsu on 2017-10-31

[777419] Medium CVE-2017-15420: URL spoofing in Omnibox. Reported by

WenXu Wu of Tencent's Xuanwu Lab on 2017-10-23

[774382] Medium CVE-2017-15422: Integer overflow in ICU. Reported by

Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13

[780484] Medium CVE-2017-15430: Unsafe navigation in Chromecast Plugin.

Reported by jinmo123 on 2017-01-11

[778101] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.

Reported by Greg Hudson on 2017-10-25

[756226] Low CVE-2017-15424: URL Spoof in Omnibox. Reported by

Khalil Zhani on 2017-08-16

[756456] Low CVE-2017-15425: URL Spoof in Omnibox. Reported by

xisigr of Tencent's Xuanwu Lab on 2017-08-17

[757735] Low CVE-2017-15426: URL Spoof in Omnibox. Reported by

WenXu Wu of Tencent's Xuanwu Lab on 2017-08-18

[768910] Low CVE-2017-15427: Insufficient blocking of Javascript in Omnibox.

Reported by Junaid Farhan on 2017-09-26

[792099] Various fixes from internal audits, fuzzing and other initiatives

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution Reference

Adobe Security Update

Solution

freebsd-upgrade-package-chromium