FreeBSD : chromium -- multiple vulnerabilities (bdd48858-9656-11e2-a9a8-00262d5ed8ee)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to
Atte Kettunen of OUSPG.

[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit
to Google Chrome Security Team (Cris Neckar).

[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and
drop. Credit to Vsevolod Vlasov of the Chromium development community.

[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up
windows in extensions. Credit to Google Chrome Security Team (Mustafa
Emre Acer).

[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks
API. Credit to Google Chrome Security Team (Mustafa Emre Acer).

[174943] High CVE-2013-0921: Ensure isolated web sites run in their
own processes.

[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute-force
attempts. Credit to 't3553r'.

[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues
in the USB Apps API. Credit to Google Chrome Security Team (Mustafa
Emre Acer).

[169632] Low CVE-2013-0924: Check an extension's permissions API usage
again file permissions. Credit to Benjamin Kalman of the Chromium
development community.

[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without
the tabs permissions. Credit to Michael Vrable of Google.

[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain
situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c
(xysec.com).

See also :

http://www.nessus.org/u?6bd43a3e
http://www.nessus.org/u?3a5ef16f

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now