Debian DSA-4500-1 : chromium - security update - Nessus

High   Plugin ID: 127868

This page contains detailed information about the Debian DSA-4500-1 : chromium - security update Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Table Of Contents
hide

Plugin Overview

ID: 127868
Name: Debian DSA-4500-1 : chromium - security update
Filename: debian_DSA-4500.nasl
Vulnerability Published: 2019-06-27
This Plugin Published: 2019-08-14
Last Modification Time: 2020-03-09
Plugin Version: 1.6
Plugin Type: local
Plugin Family: Debian Local Security Checks
Dependencies: ssh_get_info.nasl
Required KB Items [?]: Host/Debian/dpkg-l, Host/Debian/release, Host/local_checks_enabled

Vulnerability Information

Severity: High
Vulnerability Published: 2019-06-27
Patch Published: 2019-08-12
CVE [?]: CVE-2019-5805, CVE-2019-5806, CVE-2019-5807, CVE-2019-5808, CVE-2019-5809, CVE-2019-5810, CVE-2019-5811, CVE-2019-5813, CVE-2019-5814, CVE-2019-5815, CVE-2019-5818, CVE-2019-5819, CVE-2019-5820, CVE-2019-5821, CVE-2019-5822, CVE-2019-5823, CVE-2019-5824, CVE-2019-5825, CVE-2019-5826, CVE-2019-5827, CVE-2019-5828, CVE-2019-5829, CVE-2019-5830, CVE-2019-5831, CVE-2019-5832, CVE-2019-5833, CVE-2019-5834, CVE-2019-5836, CVE-2019-5837, CVE-2019-5838, CVE-2019-5839, CVE-2019-5840, CVE-2019-5842, CVE-2019-5847, CVE-2019-5848, CVE-2019-5849, CVE-2019-5850, CVE-2019-5851, CVE-2019-5852, CVE-2019-5853, CVE-2019-5854, CVE-2019-5855, CVE-2019-5856, CVE-2019-5857, CVE-2019-5858, CVE-2019-5859, CVE-2019-5860, CVE-2019-5861, CVE-2019-5862, CVE-2019-5864, CVE-2019-5865, CVE-2019-5867, CVE-2019-5868
CPE [?]: cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:chromium

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the chromium web browser.

- CVE-2019-5805 A use-after-free issue was discovered in the pdfium library.

- CVE-2019-5806 Wen Xu discovered an integer overflow issue in the Angle library.

- CVE-2019-5807 TimGMichaud discovered a memory corruption issue in the v8 JavaScript library.

- CVE-2019-5808 cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5809 Mark Brand discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5810 Mark Amery discovered an information disclosure issue.

- CVE-2019-5811 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5813 Aleksandar Nikolic discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2019-5814 @AaylaSecura1138 discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5815 Nicolas Gregoire discovered a buffer overflow issue in Blink/Webkit.

- CVE-2019-5818 Adrian Tolbaru discovered an uninitialized value issue.

- CVE-2019-5819 Svyat Mitin discovered an error in the developer tools.

- CVE-2019-5820 pdknsk discovered an integer overflow issue in the pdfium library.

- CVE-2019-5821 pdknsk discovered another integer overflow issue in the pdfium library.

- CVE-2019-5822 Jun Kokatsu discovered a way to bypass the Cross-Origin Resource Sharing feature.

- CVE-2019-5823 David Erceg discovered a navigation error.

- CVE-2019-5824 leecraso and Guang Gong discovered an error in the media player.

- CVE-2019-5825 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered an out-of-bounds write issue in the v8 JavaScript library.

- CVE-2019-5826 Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu discovered a use-after-free issue.

- CVE-2019-5827 mlfbrown discovered an out-of-bounds read issue in the sqlite library.

- CVE-2019-5828 leecraso and Guang Gong discovered a use-after-free issue.

- CVE-2019-5829 Lucas Pinheiro discovered a use-after-free issue.

- CVE-2019-5830 Andrew Krashichkov discovered a credential error in the Cross-Origin Resource Sharing feature.

- CVE-2019-5831 yngwei discovered a map error in the v8 JavaScript library.

- CVE-2019-5832 Sergey Shekyan discovered an error in the Cross-Origin Resource Sharing feature.

- CVE-2019-5833 Khalil Zhani discovered a user interface error.

- CVE-2019-5834 Khalil Zhani discovered a URL spoofing issue.

- CVE-2019-5836 Omair discovered a buffer overflow issue in the Angle library.

- CVE-2019-5837 Adam Iawniuk discovered an information disclosure issue.

- CVE-2019-5838 David Erceg discovered an error in extension permissions.

- CVE-2019-5839 Masato Kinugawa discovered implementation errors in Blink/Webkit.

- CVE-2019-5840 Eliya Stein and Jerome Dangu discovered a way to bypass the popup blocker.

- CVE-2019-5842 BUGFENSE discovered a use-after-free issue in Blink/Webkit.

- CVE-2019-5847 m3plex discovered an error in the v8 JavaScript library.

- CVE-2019-5848 Mark Amery discovered an information disclosure issue.

- CVE-2019-5849 Zhen Zhou discovered an out-of-bounds read in the Skia library.

- CVE-2019-5850 Brendon Tiszka discovered a use-after-free issue in the offline page fetcher.

- CVE-2019-5851 Zhe Jin discovered a use-after-poison issue.

- CVE-2019-5852 David Erceg discovered an information disclosure issue.

- CVE-2019-5853 Yngwei and sakura discovered a memory corruption issue.

- CVE-2019-5854 Zhen Zhou discovered an integer overflow issue in the pdfium library.

- CVE-2019-5855 Zhen Zhou discovered an integer overflow issue in the pdfium library.

- CVE-2019-5856 Yongke Wang discovered an error related to filesystem: URI permissions.

- CVE-2019-5857 cloudfuzzer discovered a way to crash chromium.

- CVE-2019-5858 evil1m0 discovered an information disclosure issue.

- CVE-2019-5859 James Lee discovered a way to launch alternative browsers.

- CVE-2019-5860 A use-after-free issue was discovered in the v8 JavaScript library.

- CVE-2019-5861 Robin Linus discovered an error determining click location.

- CVE-2019-5862 Jun Kokatsu discovered an error in the AppCache implementation.

- CVE-2019-5864 Devin Grindle discovered an error in the Cross-Origin Resourse Sharing feature for extensions.

- CVE-2019-5865 Ivan Fratric discovered a way to bypass the site isolation feature.

- CVE-2019-5867 Lucas Pinheiro discovered an out-of-bounds read issue in the v8 JavaScript library.

- CVE-2019-5868 banananapenguin discovered a use-after-free issue in the v8 JavaScript library.

Solution

Upgrade the chromium packages.

For the stable distribution (buster), these problems have been fixed in version 76.0.3809.100-1~deb10u1.

Public Exploits

Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the Debian DSA-4500-1 : chromium - security update vulnerability:

  1. Metasploit: exploit/multi/browser/chrome_array_map
    [Google Chrome 72 and 73 Array.map exploit]
  2. Exploit-DB: exploits/multiple/remote/48183.rb
    [EDB-48183: Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)]
  3. GitHub: https://github.com/sslab-gatech/freedom
    [CVE-2019-5806]
  4. GitHub: https://github.com/ZihanYe/web-browser-vulnerabilities
    [CVE-2019-5808]
  5. GitHub: https://github.com/allpaca/chrome-sbx-db
    [CVE-2019-5809]
  6. GitHub: https://github.com/Silence-Rain/14-828_Exploitation_of_CVE-2019-5822
    [CVE-2019-5822]
  7. GitHub: https://github.com/fs0c-sh/exploits
    [CVE-2019-5825]
  8. GitHub: https://github.com/timwr/CVE-2019-5825
    [CVE-2019-5825]
  9. GitHub: https://github.com/Kiprey/Skr_Learning
    [CVE-2019-5826]
  10. GitHub: https://github.com/SexyBeast233/SecBooks
    [CVE-2019-5826]
  11. GitHub: https://github.com/allpaca/chrome-sbx-db
    [CVE-2019-5826]
  12. GitHub: https://github.com/farif/cve_2019-5827
    [CVE-2019-5827: Heap Corruption]
  13. GitHub: https://github.com/googleprojectzero/fuzzilli
    [CVE-2019-5831]
  14. GitHub: https://github.com/googleprojectzero/fuzzilli
    [CVE-2019-5847]
  15. GitHub: https://github.com/allpaca/chrome-sbx-db
    [CVE-2019-5850]
  16. GitHub: https://github.com/googleprojectzero/fuzzilli
    [CVE-2019-5853]
  17. GitHub: https://github.com/allpaca/chrome-sbx-db
    [CVE-2019-5859]

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS Score Source [?]: CVE-2019-5859
CVSS V2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C
CVSS Base Score:6.8 (Medium)
Impact Subscore:6.4
Exploitability Subscore:8.6
CVSS Temporal Score:5.6 (Medium)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:5.6 (Medium)
CVSS V3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CVSS Base Score:8.8 (High)
Impact Subscore:5.9
Exploitability Subscore:2.8
CVSS Temporal Score:8.2 (High)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:8.2 (High)

Go back to menu.

Plugin Source

This is the debian_DSA-4500.nasl nessus plugin source code. This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4500. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(127868);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-5805", "CVE-2019-5806", "CVE-2019-5807", "CVE-2019-5808", "CVE-2019-5809", "CVE-2019-5810", "CVE-2019-5811", "CVE-2019-5813", "CVE-2019-5814", "CVE-2019-5815", "CVE-2019-5818", "CVE-2019-5819", "CVE-2019-5820", "CVE-2019-5821", "CVE-2019-5822", "CVE-2019-5823", "CVE-2019-5824", "CVE-2019-5825", "CVE-2019-5826", "CVE-2019-5827", "CVE-2019-5828", "CVE-2019-5829", "CVE-2019-5830", "CVE-2019-5831", "CVE-2019-5832", "CVE-2019-5833", "CVE-2019-5834", "CVE-2019-5836", "CVE-2019-5837", "CVE-2019-5838", "CVE-2019-5839", "CVE-2019-5840", "CVE-2019-5842", "CVE-2019-5847", "CVE-2019-5848", "CVE-2019-5849", "CVE-2019-5850", "CVE-2019-5851", "CVE-2019-5852", "CVE-2019-5853", "CVE-2019-5854", "CVE-2019-5855", "CVE-2019-5856", "CVE-2019-5857", "CVE-2019-5858", "CVE-2019-5859", "CVE-2019-5860", "CVE-2019-5861", "CVE-2019-5862", "CVE-2019-5864", "CVE-2019-5865", "CVE-2019-5867", "CVE-2019-5868");
  script_xref(name:"DSA", value:"4500");

  script_name(english:"Debian DSA-4500-1 : chromium - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the chromium web
browser.

  - CVE-2019-5805
    A use-after-free issue was discovered in the pdfium
    library.

  - CVE-2019-5806
    Wen Xu discovered an integer overflow issue in the Angle
    library.

  - CVE-2019-5807
    TimGMichaud discovered a memory corruption issue in the
    v8 JavaScript library.

  - CVE-2019-5808
    cloudfuzzer discovered a use-after-free issue in
    Blink/Webkit.

  - CVE-2019-5809
    Mark Brand discovered a use-after-free issue in
    Blink/Webkit.

  - CVE-2019-5810
    Mark Amery discovered an information disclosure issue.

  - CVE-2019-5811
    Jun Kokatsu discovered a way to bypass the Cross-Origin
    Resource Sharing feature.

  - CVE-2019-5813
    Aleksandar Nikolic discovered an out-of-bounds read
    issue in the v8 JavaScript library.

  - CVE-2019-5814
    @AaylaSecura1138 discovered a way to bypass the
    Cross-Origin Resource Sharing feature.

  - CVE-2019-5815
    Nicolas Gregoire discovered a buffer overflow issue in
    Blink/Webkit.

  - CVE-2019-5818
    Adrian Tolbaru discovered an uninitialized value issue.

  - CVE-2019-5819
    Svyat Mitin discovered an error in the developer tools.

  - CVE-2019-5820
    pdknsk discovered an integer overflow issue in the
    pdfium library.

  - CVE-2019-5821
    pdknsk discovered another integer overflow issue in the
    pdfium library.

  - CVE-2019-5822
    Jun Kokatsu discovered a way to bypass the Cross-Origin
    Resource Sharing feature.

  - CVE-2019-5823
    David Erceg discovered a navigation error.

  - CVE-2019-5824
    leecraso and Guang Gong discovered an error in the media
    player.

  - CVE-2019-5825
    Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu
    discovered an out-of-bounds write issue in the v8
    JavaScript library.

  - CVE-2019-5826
    Genming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu
    discovered a use-after-free issue.

  - CVE-2019-5827
    mlfbrown discovered an out-of-bounds read issue in the
    sqlite library.

  - CVE-2019-5828
    leecraso and Guang Gong discovered a use-after-free
    issue.

  - CVE-2019-5829
    Lucas Pinheiro discovered a use-after-free issue.

  - CVE-2019-5830
    Andrew Krashichkov discovered a credential error in the
    Cross-Origin Resource Sharing feature.

  - CVE-2019-5831
    yngwei discovered a map error in the v8 JavaScript
    library.

  - CVE-2019-5832
    Sergey Shekyan discovered an error in the Cross-Origin
    Resource Sharing feature.

  - CVE-2019-5833
    Khalil Zhani discovered a user interface error.

  - CVE-2019-5834
    Khalil Zhani discovered a URL spoofing issue.

  - CVE-2019-5836
    Omair discovered a buffer overflow issue in the Angle
    library.

  - CVE-2019-5837
    Adam Iawniuk discovered an information disclosure issue.

  - CVE-2019-5838
    David Erceg discovered an error in extension
    permissions.

  - CVE-2019-5839
    Masato Kinugawa discovered implementation errors in
    Blink/Webkit.

  - CVE-2019-5840
    Eliya Stein and Jerome Dangu discovered a way to bypass
    the popup blocker.

  - CVE-2019-5842
    BUGFENSE discovered a use-after-free issue in
    Blink/Webkit.

  - CVE-2019-5847
    m3plex discovered an error in the v8 JavaScript library.

  - CVE-2019-5848
    Mark Amery discovered an information disclosure issue.

  - CVE-2019-5849
    Zhen Zhou discovered an out-of-bounds read in the Skia
    library.

  - CVE-2019-5850
    Brendon Tiszka discovered a use-after-free issue in the
    offline page fetcher.

  - CVE-2019-5851
    Zhe Jin discovered a use-after-poison issue.

  - CVE-2019-5852
    David Erceg discovered an information disclosure issue.

  - CVE-2019-5853
    Yngwei and sakura discovered a memory corruption issue.

  - CVE-2019-5854
    Zhen Zhou discovered an integer overflow issue in the
    pdfium library.

  - CVE-2019-5855
    Zhen Zhou discovered an integer overflow issue in the
    pdfium library.

  - CVE-2019-5856
    Yongke Wang discovered an error related to filesystem:
    URI permissions.

  - CVE-2019-5857
    cloudfuzzer discovered a way to crash chromium.

  - CVE-2019-5858
    evil1m0 discovered an information disclosure issue.

  - CVE-2019-5859
    James Lee discovered a way to launch alternative
    browsers.

  - CVE-2019-5860
    A use-after-free issue was discovered in the v8
    JavaScript library.

  - CVE-2019-5861
    Robin Linus discovered an error determining click
    location.

  - CVE-2019-5862
    Jun Kokatsu discovered an error in the AppCache
    implementation.

  - CVE-2019-5864
    Devin Grindle discovered an error in the Cross-Origin
    Resourse Sharing feature for extensions.

  - CVE-2019-5865
    Ivan Fratric discovered a way to bypass the site
    isolation feature.

  - CVE-2019-5867
    Lucas Pinheiro discovered an out-of-bounds read issue in
    the v8 JavaScript library.

  - CVE-2019-5868
    banananapenguin discovered a use-after-free issue in the
    v8 JavaScript library."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5805"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5807"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5809"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5814"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5818"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5819"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5820"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5821"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5823"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5824"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5825"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5829"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5830"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5832"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5834"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5836"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5842"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5850"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5853"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5854"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5855"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5856"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5861"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5862"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5865"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5867"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/chromium"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/buster/chromium"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2019/dsa-4500"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the chromium packages.

For the stable distribution (buster), these problems have been fixed
in version 76.0.3809.100-1~deb10u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5859");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 72 and 73 Array.map exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:chromium");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"10.0", prefix:"chromium", reference:"76.0.3809.100-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-common", reference:"76.0.3809.100-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-driver", reference:"76.0.3809.100-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-l10n", reference:"76.0.3809.100-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-sandbox", reference:"76.0.3809.100-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"chromium-shell", reference:"76.0.3809.100-1~deb10u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

The latest version of this script can be found in these locations depending on your platform:

  • Linux / Unix:
    /opt/nessus/lib/nessus/plugins/debian_DSA-4500.nasl
  • Windows:
    C:\ProgramData\Tenable\Nessus\nessus\plugins\debian_DSA-4500.nasl
  • Mac OS X:
    /Library/Nessus/run/lib/nessus/plugins/debian_DSA-4500.nasl

Go back to menu.

How to Run

Here is how to run the Debian DSA-4500-1 : chromium - security update as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

  1. Click to start a New Scan.
  2. Select Advanced Scan.
  3. Navigate to the Plugins tab.
  4. On the top right corner click to Disable All plugins.
  5. On the left side table select Debian Local Security Checks plugin family.
  6. On the right side table select Debian DSA-4500-1 : chromium - security update plugin ID 127868.
  7. Specify the target on the Settings tab and click to Save the scan.
  8. Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl debian_DSA-4500.nasl -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a debian_DSA-4500.nasl -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - debian_DSA-4500.nasl -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state debian_DSA-4500.nasl -t <IP/HOST>

Go back to menu.

References

DSA | Debian Security Advisory: See also: Similar and related Nessus plugins:
  • 125729 - Google Chrome < 75.0.3770.80 Multiple Vulnerabilities
  • 125940 - RHEL 6 : chromium-browser (RHSA-2019:1477)
  • 125941 - openSUSE Security Update : chromium (openSUSE-2019-1557)
  • 125942 - openSUSE Security Update : chromium (openSUSE-2019-1558)
  • 125943 - openSUSE Security Update : chromium (openSUSE-2019-1559)
  • 126359 - Fedora 30 : chromium (2019-8fb8240d14)
  • 126368 - openSUSE Security Update : chromium (openSUSE-2019-1666)
  • 126752 - Google Chrome < 75.0.3770.142 Multiple Vulnerabilities
  • 126753 - Google Chrome < 75.0.3770.142 Multiple Vulnerabilities
  • 126995 - Fedora 29 : chromium (2019-a1af621faf)
  • 127119 - Google Chrome < 76.0.3809.87 Multiple Vulnerabilities
  • 127120 - Google Chrome < 76.0.3809.87 Multiple Vulnerabilities
  • 127628 - RHEL 6 : chromium-browser (RHSA-2019:1930)
  • 127735 - openSUSE Security Update : chromium (openSUSE-2019-1815)
  • 127828 - RHEL 6 : chromium-browser (RHSA-2019:2427)
  • 127836 - openSUSE Security Update : chromium (openSUSE-2019-1848)
  • 127837 - openSUSE Security Update : chromium (openSUSE-2019-1849)
  • 127967 - GLSA-201908-18 : Chromium, Google Chrome: Multiple vulnerabilities
  • 128623 - Fedora 30 : chromium (2019-5d2420030c)
  • 129857 - Fedora 29 : qt5-qtwebengine (2019-e5ff5d0ffd)
  • 131561 - Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : sqlite3 vulnerabilities (USN-4205-1)
  • 134593 - GLSA-202003-16 : SQLite: Multiple vulnerabilities
  • 139986 - EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1883)
  • 140981 - EulerOS Virtualization for ARM 64 3.0.6.0 : sqlite (EulerOS-SA-2020-2033)
  • 142254 - EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2020-2398)
  • 155196 - CentOS 8 : sqlite (CESA-2021:4396)
  • 155211 - RHEL 8 : sqlite (RHSA-2021:4396)
  • 155418 - Oracle Linux 8 : sqlite (ELSA-2021-4396)
  • 157628 - AlmaLinux 8 : sqlite (ALSA-2021:4396)

Version

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file debian_DSA-4500.nasl version 1.6. For more plugins, visit the Nessus Plugin Library.

Go back to menu.