FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

25 security fixes in this release, including :

- [268565] Medium CVE-2013-6621: Use after free related to speech
input elements. Credit to Khalil Zhani.

- [272786] High CVE-2013-6622: Use after free related to media
elements. Credit to cloudfuzzer.

- [282925] High CVE-2013-6623: Out of bounds read in SVG. Credit to
miaubiz.

- [290566] High CVE-2013-6624: Use after free related to 'id'
attribute strings. Credit to Jon Butler.

- [295010] High CVE-2013-6625: Use after free in DOM ranges. Credit to
cloudfuzzer.

- [295695] Low CVE-2013-6626: Address bar spoofing related to
interstitial warnings. Credit to Chamal de Silva.

- [299892] High CVE-2013-6627: Out of bounds read in HTTP parsing.
Credit to skylined.

- [306959] Medium CVE-2013-6628: Issue with certificates not being
checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud
and Karthikeyan Bhargavan from Prosecco of INRIA Paris.

- [315823] Medium-Critical CVE-2013-2931: Various fixes from internal
audits, fuzzing and other initiatives.

- [258723] Medium CVE-2013-6629: Read of uninitialized memory in
libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.

- [299835] Medium CVE-2013-6630: Read of uninitialized memory in
libjpeg-turbo. Credit to Michal Zalewski of Google.

- [296804] High CVE-2013-6631: Use after free in libjingle. Credit to
Patrik Hoglund of the Chromium project.

See also :

http://googlechromereleases.blogspot.nl/
http://www.nessus.org/u?79f2f276

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
