FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

62 security fixes in this release, including :

- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to
yangdingning.

- [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to
Collin Payne.

- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to
mark.buer.

- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to
yangdingning.

- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to
Christian Holler.

- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to
Christian Holler.

- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to
cloudfuzzer.

- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to
cloudfuzzer.

- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to
cloudfuzzer.

- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte
Kettunen of OUSPG.

- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to
aohelin.

- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to
cloudfuzzer.

- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to
Khalil Zhani.

- [428561] High CVE-2014-7936: Use-after-free in Views. Credit to
Christoph Diehl.

- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to
Atte Kettunen of OUSPG.

- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to
Atte Kettunen of OUSPG.

- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to
Takeshi Terada.

- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to
miaubiz.

- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to
Atte Kettunen of OUSPG and Christoph Diehl.

- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit
to miaubiz.

- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to
Atte Kettunen of OUSPG.

- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit
to cloudfuzzer.

- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit
to cloudfuzzer.

- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit
to miaubiz.

- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit
to fuzztercluck.

- [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to
jiayaoqijia.

- [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing
and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch
(currently 3.30.33.15).

See also :

http://googlechromereleases.blogspot.nl
http://www.nessus.org/u?99e1a51c

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)