FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

42 security fixes in this release, including :

- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli
Grey.

- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to
Atte Kettunen from OUSPG.

- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to
cloudfuzzer.

- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to
cloudfuzzer.

- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to
cloudfuzzer.

- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte
Kettunen from OUSPG.

- [421817] High CVE-2014-7905: Flaw allowing navigation to intents
that do not have the BROWSABLE category. Credit to WangTao(neobyte) of
Baidu X-Team.

- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.
Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.

- [423703] High CVE-2014-0574: Double-free in Flash. Credit to
biloulehibou.

- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen
Zhang (demi6od) of the NSFOCUS Security Team.

- [425980] High CVE-2014-7908: Integer overflow in media. Credit to
Christoph Diehl.

- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.
Credit to miaubiz.

- CVE-2014-7910: Various fixes from internal audits, fuzzing and other
initiatives.

See also :

http://www.nessus.org/u?f4b30c17
http://www.nessus.org/u?c2afe019

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
