FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)

critical Nessus Plugin ID 148704

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports:

This release contains 37 security fixes, including:

- [1025683] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18

- [1188889] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16

- [1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24

- [1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19

- [1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12

- [1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02

- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08

- [1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07

- [1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29

- [1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04

- [1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08

- [1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03

- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25

- [1170148] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24

- [1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30

- [1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02

- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14

- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15

Solution

Update the affected package.

See Also

http://www.nessus.org/u?ec023c8b

http://www.nessus.org/u?b2e18135

Plugin Details

Severity: Critical

ID: 148704

File Name: freebsd_pkg_f3d864399def11eb97a0e09467587c17.nasl

Version: 1.4

Type: local

Published: 4/16/2021

Updated: 5/10/2022

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-21214

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-21201

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 4/15/2021

Vulnerability Publication Date: 4/14/2021

Reference Information

CVE: CVE-2021-21201, CVE-2021-21202, CVE-2021-21203, CVE-2021-21204, CVE-2021-21205, CVE-2021-21207, CVE-2021-21208, CVE-2021-21209, CVE-2021-21210, CVE-2021-21211, CVE-2021-21212, CVE-2021-21213, CVE-2021-21214, CVE-2021-21215, CVE-2021-21216, CVE-2021-21217, CVE-2021-21218, CVE-2021-21219, CVE-2021-21221