FreeBSD : chromium -- multiple vulnerabilities (1ba21ff1-e672-11eb-a686-3065ec8fd3ec)

high Nessus Plugin ID 151809

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release contains 8 security fixes, including :

- [1219082] High CVE-2021-30559: Out of bounds write in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11

- [1214842] High CVE-2021-30541: Use after free in V8. Reported by Richard Wheeldon on 2021-05-31

- [1219209] High CVE-2021-30560: Use after free in Blink XSLT.
Reported by Nick Wellnhofer on 2021-06-12

- [1219630] High CVE-2021-30561: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-14

- [1220078] High CVE-2021-30562: Use after free in WebSerial. Reported by Anonymous on 2021-06-15

- [1228407] High CVE-2021-30563: Type Confusion in V8. Reported by Anonymous on 2021-07-12

- [1221309] Medium CVE-2021-30564: Heap buffer overflow in WebXR.
Reported by Ali Merchant, iQ3Connect VR Platform on 2021-06-17

Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?f55982c9

http://www.nessus.org/u?3c9ce4ad

Plugin Details

Severity: High

ID: 151809

File Name: freebsd_pkg_1ba21ff1e67211eba6863065ec8fd3ec.nasl

Version: 1.4

Type: local

Published: 7/19/2021

Updated: 8/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2021-30564

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/16/2021

Vulnerability Publication Date: 7/15/2021

Reference Information

CVE: CVE-2021-30541, CVE-2021-30559, CVE-2021-30560, CVE-2021-30561, CVE-2021-30562, CVE-2021-30563, CVE-2021-30564