FreeBSD : chromium -- multiple vulnerabilities (6d8505f0-0614-11e6-b39c-00262d5ed8ee)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

20 security fixes in this release, including :

- [590275] High CVE-2016-1652: Universal XSS in extension bindings.
Credit to anonymous.

- [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to
Choongwoo Han.

- [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000
decoding. Credit to kdot working with HP's Zero Day Initiative.

- [589512] Medium CVE-2016-1654: Uninitialized memory read in media.
Credit to Atte Kettunen of OUSPG.

- [582008] Medium CVE-2016-1655: Use-after-free related to extensions.
Credit to Rob Wu.

- [570750] Medium CVE-2016-1656: Android downloaded file path
restriction bypass. Credit to Dzmitry Lukyanenko.

- [567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan
Herrera.

- [573317] Low CVE-2016-1658: Potential leak of sensitive information
to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.

- [602697] CVE-2016-1659: Various fixes from internal audits, fuzzing
and other initiatives.

See also :

http://www.nessus.org/u?0e0db6fd
http://www.nessus.org/u?a0aa1617

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90592

Bugtraq ID:

CVE ID: CVE-2016-1651
CVE-2016-1652
CVE-2016-1653
CVE-2016-1654
CVE-2016-1655
CVE-2016-1656
CVE-2016-1657
CVE-2016-1658
CVE-2016-1659
