FreeBSD : chromium -- multiple vulnerabilities (548f74bd-993c-11e5-956b-00262d5ed8ee)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

41 security fixes in this release, including :

- [558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit
to anonymous.

- [551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to
anonymous.

- [554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to
anonymous.

- [556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to
Mariusz Mlynski.

- [534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to
Mariusz Mlynski.

- [541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to
Mariusz Mlynski.

- [544991] High CVE-2015-6771: Out of bounds access in v8. Credit to
anonymous.

- [546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to
Mariusz Mlynski.

- [554946] High CVE-2015-6764: Out of bounds access in v8. Credit to
Guang Gong of Qihoo 360 via pwn2own.

- [491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to
cloudfuzzer.

- [549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to
anonymous.

- [529012] High CVE-2015-6775: Type confusion in PDFium. Credit to
Atte Kettunen of OUSPG.

- [457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit
to Hanno Bock.

- [544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long
Liu of Qihoo 360Vulcan Team.

- [514891] Medium CVE-2015-6778: Out of bounds access in PDFium.
Credit to Karl Skomski.

- [528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to
Til Jasper Ullrich.

- [490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to
Khalil Zhani.

- [497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to
miaubiz.

- [536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit
to Luan Herrera.

- [537205] Medium CVE-2015-6783: Signature validation issue in Android
Crazy Linker. Credit to Michal Bednarski.

- [503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to
Inti De Ceukelaire.

- [534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit
to Michael Ficarra / Shape Security.

- [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael
Ficarra / Shape Security.

- [563930] CVE-2015-6787: Various fixes from internal audits, fuzzing
and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23).

See also :

http://www.nessus.org/u?dc8c7b02
http://www.nessus.org/u?eeb4ee45

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)