FreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Google Chrome Releases reports :

28 security fixes in this release, including :

- [334897] High CVE-2013-6652: Issue with relative paths in Windows
sandbox named pipe policy. Credit to tyranid.

- [331790] High CVE-2013-6653: Use-after-free related to web contents.
Credit to Khalil Zhani.

- [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.

- [293534] High CVE-2013-6655: Use-after-free in layout. Credit to
cloudfuzzer.

- [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit
to NeexEmil.

- [331060] Medium CVE-2013-6657: Information leak in XSS auditor.
Credit to NeexEmil.

- [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to
cloudfuzzer.

- [306959] Medium CVE-2013-6659: Issue with certificates validation in
TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan
Bhargavan from Prosecco, Inria Paris.

- [332579] Low CVE-2013-6660: Information leak in drag and drop.
Credit to bishopjeffreys.

- [344876] Low-High CVE-2013-6661: Various fixes from internal audits,
fuzzing and other initiatives. Of these, seven are fixes for issues
that could have allowed for sandbox escapes from compromised
renderers.

See also :

http://googlechromereleases.blogspot.nl/
http://www.nessus.org/u?65ed3ecf

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72676

CVE ID: CVE-2013-6652
CVE-2013-6653
CVE-2013-6654
CVE-2013-6655
CVE-2013-6656
CVE-2013-6657
CVE-2013-6658
CVE-2013-6659
CVE-2013-6660
CVE-2013-6661
