FreeBSD : chromium -- multiple vulnerabilities (358133b5-c2b9-11e2-a738-00262d5ed8ee)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir
Blazek.

[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to
Christian Holler.

[230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to
Jon of MWR InfoSecurity.

[230117] High CVE-2013-2840: Use-after-free in media loader. Credit to
Nils of MWR InfoSecurity.

[227350] High CVE-2013-2841: Use-after-free in Pepper resource
handling. Credit to Chamal de Silva.

[226696] High CVE-2013-2842: Use-after-free in widget handling. Credit
to Cyril Cattiaux.

[222000] High CVE-2013-2843: Use-after-free in speech handling. Credit
to Khalil Zhani.

[196393] High CVE-2013-2844: Use-after-free in style resolution.
Credit to Sachin Shinde (@cons0ul).

[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety
issues in Web Audio. Credit to Atte Kettunen of OUSPG.

[177620] High CVE-2013-2846: Use-after-free in media loader. Credit to
Chamal de Silva.

[176692] High CVE-2013-2847: Use-after-free race condition with
workers. Credit to Collin Payne.

[176137] Medium CVE-2013-2848: Possible data extraction with XSS
Auditor. Credit to Egor Homakov.

[171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
Credit to Mario Heiderich.

[241595] High CVE-2013-2836: Various fixes from internal audits,
fuzzing and other initiatives.

See also :

http://www.nessus.org/u?6bd43a3e
http://www.nessus.org/u?151e7dec

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now