FreeBSD : chromium -- multiple vulnerabilities (4dfafa16-24ba-11e6-bd31-3065ec8fd3ec)

high Nessus Plugin ID 91371

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports :

5 security fixes in this release, including :

- [605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.

- [605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.

- [606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.

- [578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.

- [586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ab15f074

http://www.nessus.org/u?ae98bb1d

Plugin Details

Severity: High

ID: 91371

File Name: freebsd_pkg_4dfafa1624ba11e6bd313065ec8fd3ec.nasl

Version: 2.6

Type: local

Published: 5/31/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:chromium-npapi

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/28/2016

Vulnerability Publication Date: 5/11/2016

Reference Information

CVE: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671