FreeBSD : chromium -- multiple vulnerabilities (fe1976c2-5317-11e1-9e99-00262d5ed8ee)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

[73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste
event. Credit to Daniel Cheng of the Chromium development community.

[92550] Low CVE-2011-3954: Crash with excessive database usage. Credit
to Collin Payne.

[93106] High CVE-2011-3955: Crash aborting an IndexDB transaction.
Credit to David Grogan of the Chromium development community.

[103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins
inside extensions. Credit to Devdatta Akhawe, UC Berkeley.

[104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.

[105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.

[106441] High CVE-2011-3959: Buffer overflow in locale handling.
Credit to Aki Helin of OUSPG.

[108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.

[108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.

[108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping.
Credit to Aki Helin of OUSPG.

[109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.

[109245] Low CVE-2011-3964: URL bar confusion after drag + drop.
Credit to Code Audit Labs of VulnHunt.com.

[109664] Low CVE-2011-3965: Crash in signature check. Credit to
Slawomir Blazek.

[109716] High CVE-2011-3966: Use-after-free in stylesheet error
handling. Credit to Aki Helin of OUSPG.

[109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to
Ben Carrillo.

[109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.

[110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.

[110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit
to Aki Helin of OUSPG.

[110374] High CVE-2011-3971: Use-after-free with mousemove events.
Credit to Arthur Gerkis.

[110559] Medium CVE-2011-3972: Out-of-bounds read in shader
translator. Credit to Google Chrome Security Team (Inferno).

See also :

http://www.nessus.org/u?29fa020e
http://www.nessus.org/u?b46898fd

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
