New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGoogle Chrome Releases reports :
35 security fixes in this release, including :
-  High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
-  High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
-  High CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-08-30
-  High CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-09-14
-  High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
-  High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
-  High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd.
-  High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde on 2017-05-14
-  Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
-  Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
-  Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
-  Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu on 2017-08-16
-  Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
-  Medium CVE-2017-15389: URL spoofing in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
-  Medium CVE-2017-15390: URL spoofing in Omnibox. Reported by Haosheng Wang on 2017-07-28
-  Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by Joao Lucas Melo Brasio on 2016-03-28
-  Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu on 2017-04-22
-  Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
-  Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam on 2017-07-18
-  Low CVE-2017-15395: NULL pointer dereference in ImageCapture. Reported by Johannes Bergman on 2017-08-28
-  Various fixes from internal audits, fuzzing and other initiatives
SolutionUpdate the affected package.