openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

chromium was updated to version 35.0.1916.114 to fix various security
issues. Security fixes :

- CVE-2014-1743: Use-after-free in styles

- CVE-2014-1744: Integer overflow in audio

- CVE-2014-1745: Use-after-free in SVG

- CVE-2014-1746: Out-of-bounds read in media filters

- CVE-2014-1747: UXSS with local MHTML file

- CVE-2014-1748: UI spoofing with scrollbar

- CVE-2014-1749: Various fixes from internal audits,
fuzzing and other initiatives

- CVE-2014-3152: Integer underflow in V8 fixed

- CVE-2014-1740: Use-after-free in WebSockets

- CVE-2014-1741: Integer overflow in DOM range

- CVE-2014-1742: Use-after-free in editing and 17 more for
which no detailed information is given.

See also :

http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html

Solution :

Update the affected chromium packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now