FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

45 new security fixes, including :

- [456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser.
Credit to anonymous.

- [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit
to Amitay Dobo.

- [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil
Zhani.

- [445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to
cloudfuzzer.

- [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit
to w3bd3vil.

- [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon
and Matt Weston of Sandfield Information Systems.

- [460917] High CVE-2015-1242: Type confusion in V8. Credit to
[email protected]

- [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to
Mike Ruddy.

- [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to
Khalil Zhani.

- [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit
to Atte Kettunen of OUSPG.

- [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit
to Jann Horn.

- [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to
Vittorio Gambaletta (VittGam).

- [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing
and other initiatives. Multiple vulnerabilities in V8 fixed at the tip
of the 4.2 branch (currently 4.2.77.14).

See also :

http://www.nessus.org/u?2a57bf0f
http://www.nessus.org/u?d68a0ca4

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
