FreeBSD : chromium -- multiple vulnerabilities (c039a761-2c29-11e6-8912-3065ec8fd3ec)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

15 security fixes in this release, including :

- 601073] High CVE-2016-1696: Cross-origin bypass in Extension
bindings. Credit to anonymous.

- [613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to
Mariusz Mlynski.

- [603725] Medium CVE-2016-1698: Information leak in Extension
bindings. Credit to Rob Wu.

- [607939] Medium CVE-2016-1699: Parameter sanitization failure in
DevTools. Credit to Gregory Panakkal.

- [608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit
to Rob Wu.

- [608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to
Rob Wu.

- [609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to
cloudfuzzer.

- [616539] CVE-2016-1703: Various fixes from internal audits, fuzzing
and other initiatives.

See also :

http://www.nessus.org/u?31396e56
http://www.nessus.org/u?ae244af0

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91491 ()

Bugtraq ID:

CVE ID: CVE-2016-1695
CVE-2016-1696
CVE-2016-1697
CVE-2016-1698
CVE-2016-1699
CVE-2016-1700
CVE-2016-1701
CVE-2016-1702
CVE-2016-1703

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now