FreeBSD : chromium -- multiple vulnerabilities (2f5ff968-5829-11e1-8288-00262d5ed8ee)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

[105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit
to Google Chrome Security Team (scarybeasts).

[106336] Medium CVE-2011-3016: Read-after-free with counter nodes.
Credit to miaubiz.

[108695] High CVE-2011-3017: Possible use-after-free in database
handling. Credit to miaubiz.

[110172] High CVE-2011-3018: Heap overflow in path rendering. Credit
to Aki Helin of OUSPG.

[110849] High CVE-2011-3019: Heap buffer overflow in MKV handling.
Credit to Google Chrome Security Team (scarybeasts) and Mateusz
Jurczyk of the Google Security Team.

[111575] Medium CVE-2011-3020: Native client validator error. Credit
to Nick Bray of the Chromium development community.

[111779] High CVE-2011-3021: Use-after-free in subframe loading.
Credit to Arthur Gerkis.

[112236] Medium CVE-2011-3022: Inappropriate use of http for
translation script. Credit to Google Chrome Security Team (Jorge
Obes).

[112259] Medium CVE-2011-3023: Use-after-free with drag and drop.
Credit to pa_kt.

[112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.

[112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing.
Credit to Slawomir Blazek.

[112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Juri Aedla.

[112847] Medium CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.

See also :

http://www.nessus.org/u?29fa020e
http://www.nessus.org/u?758fd594

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now