FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)

critical Nessus Plugin ID 145316

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports:

This release contains 36 security fixes, including:

- [1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10

- [1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23

- [1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20

- [1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21

- [1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22

- [1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28

- [1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11

- [1131346] High CVE-2021-21124: Potential use after free in Speech Recognizer. Reported by Chaoyang Ding (@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23

- [1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24

- [1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05

- [1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22

- [1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12

- [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15

- [1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

- [1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

- [1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

- [1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15

- [1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11

- [1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11

- [1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11

- [1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27

- [1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11

- [1122487] Low CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27

- [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08

- [1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20

Solution

Update the affected package.

See Also

http://www.nessus.org/u?e7ec68ce

http://www.nessus.org/u?7ab2f89a

Plugin Details

Severity: Critical

ID: 145316

File Name: freebsd_pkg_4ed0e43c5cef11ebbafd3065ec8fd3ec.nasl

Version: 1.5

Type: local

Published: 1/25/2021

Updated: 1/26/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-21117

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-21132

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/22/2021

Vulnerability Publication Date: 1/19/2021

Reference Information

CVE: CVE-2020-16044, CVE-2021-21117, CVE-2021-21118, CVE-2021-21119, CVE-2021-21120, CVE-2021-21121, CVE-2021-21122, CVE-2021-21123, CVE-2021-21124, CVE-2021-21125, CVE-2021-21126, CVE-2021-21127, CVE-2021-21128, CVE-2021-21129, CVE-2021-21130, CVE-2021-21131, CVE-2021-21132, CVE-2021-21133, CVE-2021-21134, CVE-2021-21135, CVE-2021-21136, CVE-2021-21137, CVE-2021-21138, CVE-2021-21139, CVE-2021-21140, CVE-2021-21141