FreeBSD : chromium -- multiple vulnerabilities (e1100e63-92f7-11e7-bd95-e8e0b747a45a)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome releases reports :

22 security fixes in this release, including :

- [737023] High CVE-2017-5111: Use after free in PDFium. Reported by
Luat Nguyen on KeenLab, Tencent on 2017-06-27

- [740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported
by Tobias Klein on 2017-07-10

- [747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported
by Anonymous on 2017-07-20

- [752829] High CVE-2017-5114: Memory life cycle issue in PDFium.
Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

- [744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco
Giovannini on 2017-07-17

- [759624] High CVE-2017-5116: Type confusion in V8. Reported by
Anonymous on 2017-08-28

- [739190] Medium CVE-2017-5117: Use of uninitialized value in Skia.
Reported by Tobias Klein on 2017-07-04

- [747847] Medium CVE-2017-5118: Bypass of Content Security Policy in
Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

- [725127] Medium CVE-2017-5119: Use of uninitialized value in Skia.
Reported by Anonymous on 2017-05-22

- [718676] Low CVE-2017-5120: Potential HTTPS downgrade during
redirect navigation. Reported by Xiaoyin Liu on 2017-05-05

- [762099] Various fixes from internal audits, fuzzing and other
initiatives

See also :

http://www.nessus.org/u?67b28931
http://www.nessus.org/u?8721d89b

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 102988 ()

Bugtraq ID:

CVE ID: CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now