FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)

high Nessus Plugin ID 150015




The remote FreeBSD host is missing a security-related update.


Chrome Releases reports:

This release contains 32 security fixes, including:

- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13

- [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09

- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13

- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08

- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11

- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13

- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15

- [1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06

- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02

- [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21

- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12

- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18

- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04

- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20

- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01

- [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03

- [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31

- [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06

- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11

- [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05

- [1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03


Update the affected package.


Plugin Details

Severity: High

ID: 150015

File Name: freebsd_pkg_674ed047be0a11ebb9273065ec8fd3ec.nasl

Version: 1.6

Type: local

Published: 5/27/2021

Updated: 6/28/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2021-30535


Risk Factor: Medium

Score: 6.7


CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*, p-cpe:2.3:a:freebsd:freebsd:chromium:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 5/26/2021

Vulnerability Publication Date: 5/25/2021

Reference Information

CVE: CVE-2021-21212, CVE-2021-30521, CVE-2021-30522, CVE-2021-30523, CVE-2021-30524, CVE-2021-30525, CVE-2021-30526, CVE-2021-30527, CVE-2021-30528, CVE-2021-30529, CVE-2021-30530, CVE-2021-30531, CVE-2021-30532, CVE-2021-30533, CVE-2021-30534, CVE-2021-30535, CVE-2021-30536, CVE-2021-30537, CVE-2021-30538, CVE-2021-30539, CVE-2021-30540

IAVA: 2021-A-0253-S