FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Google Chrome Releases reports :

37 security fixes in this release, including :

- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to

- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to

- [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit

- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to
Khalil Zhani.

- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte
Kettunen of OUSPG.

- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to
SkyLined working with HP's Zero Day Initiative.

- [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to

- [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx.
Credit to cloudfuzzer

- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit
to Atte Kettunen of OUSPG

- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to
Khalil Zhani.

- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho

- [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit
to miaubiz.

- [479162] Low CVE-2015-1263: Insecure download of spellcheck
dictionary. Credit to Mike Ruddy.

- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.
Credit to K0r3Ph1L.

- [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing
and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now