FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie
Bursztein of Google.

[120222] High CVE-2012-2817: Use-after-free in table section handling.
Credit to miaubiz.

[120944] High CVE-2012-2818: Use-after-free in counter layout. Credit
to miaubiz.

[120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
'gets' Russell of the Chromium development community.

[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter
handling. Credit to Atte Kettunen of OUSPG.

[122925] Medium CVE-2012-2821: Autofill display problem. Credit to
'simonbrown60'.

[various] Medium CVE-2012-2822: Misc. lower severity OOB read issues
in PDF. Credit to awesome ASAN and various Googlers (Kostya
Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).

[124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
Credit to miaubiz.

[125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to
miaubiz.

[128688] Medium CVE-2012-2826: Out-of-bounds read in texture
conversion. Credit to Google Chrome Security Team (Inferno).

[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI.
Credit to the Chromium development community (Dharani Govindan).

[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to
Mateusz Jurczyk of Google Security Team and Google Chrome Security
Team (Chris Evans).

[129947] High CVE-2012-2829: Use-after-free in first-letter handling.
Credit to miaubiz.

[129951] High CVE-2012-2830: Wild pointer in array value setting.
Credit to miaubiz.

[130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
Credit to miaubiz.

[131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
Credit to Mateusz Jurczyk of Google Security Team.

[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
Mateusz Jurczyk of Google Security Team.

[132779] High CVE-2012-2834: Integer overflow in Matroska container.
Credit to Juri Aedla.

See also :

http://www.nessus.org/u?29fa020e
http://www.nessus.org/u?09fae784

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now