FreeBSD : chromium -- multiple vulnerabilities (a9350df8-5157-11e5-b5c1-e8e0b747a45a)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

29 security fixes in this release, including :

- [516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to
anonymous.

- [522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker.
Credit to Mariusz Mlynski.

- [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to
Mariusz Mlynski.

- [492263] High CVE-2015-1294: Use-after-free in Skia. Credit to
cloudfuzzer.

- [502562] High CVE-2015-1295: Use-after-free in Printing. Credit to
anonymous.

- [421332] High CVE-2015-1296: Character spoofing in omnibox. Credit
to zcorpan.

- [510802] Medium CVE-2015-1297: Permission scoping error in
Webrequest. Credit to Alexander Kashev.

- [518827] Medium CVE-2015-1298: URL validation error in extensions.
Credit to Rob Wu.

- [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to
taro.suzuki.dev.

- [511616] Medium CVE-2015-1300: Information leak in Blink. Credit to
cgvwzq.

- [526825] CVE-2015-1301: Various fixes from internal audits, fuzzing
and other initiatives.

See also :

http://googlechromereleases.blogspot.nl
http://www.nessus.org/u?506a494f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now