FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Google Chrome Releases reports :

48 security fixes in this release, including :

- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to
Pinkie Pie xisigr of Tencent's Xuanwu Lab

- [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to
Adam Varsan

- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit
to ChenQin of Topsec Security Team

- [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to
Mariusz Mlynski

- [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to
Mariusz Mlynski

- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to
cloudfuzzer

- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to
Anonymous

- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to
Jeonghoon Shin

- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar

- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to
Nick Wellnhofer

- [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service
Workers. Credit to Ben Kelly

- [613626] Medium CVE-2016-5133: Origin confusion in proxy
authentication. Credit to Patch Eudor

- [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to
Paul Stone

- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.
Credit to kingxwy

- [625393] Medium CVE-2016-5136: Use after free in extensions. Credit
to Rob Wu

- [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP.
Credit to Xiaoyin Liu

- [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing
and other initiatives.

See also :

http://www.nessus.org/u?3f4bd83a
http://www.nessus.org/u?e6d339fd

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now