FreeBSD : chromium -- multiple vulnerabilities (d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

159 security fixes in this release, including 113 found using
MemorySanitizer :

- [416449] Critical CVE-2014-3188: A special thanks to Juri Aedla for
a combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.

- [398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to
cloudfuzzer.

- [400476] High CVE-2014-3190: Use-after-free in Events. Credit to
cloudfuzzer.

- [402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to
cloudfuzzer.

- [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
cloudfuzzer.

- [399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.

- [401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit
to Collin Payne.

- [403409] Medium CVE-2014-3195: Information Leak in V8. Credit to
Juri Aedla.

- [338538] Medium CVE-2014-3196: Permissions bypass in Windows
Sandbox. Credit to James Forshaw.

- [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.

- [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit
to Atte Kettunen of OUSPG.

- [395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to
Collin Payne.

- [420899] CVE-2014-3200: Various fixes from internal audits, fuzzing
and other initiatives (Chrome 38).

- Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch
(currently 3.28.71.15).

See also :

http://www.nessus.org/u?fab8e882
http://www.nessus.org/u?25293c88

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now