FreeBSD : chromium -- multiple vulnerabilities (76487640-ea29-11eb-a686-3065ec8fd3ec)

critical Nessus Plugin ID 151972

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release contains 35 security fixes, including :

- ][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups.
Reported by David Erceg on 2021-05-19

- [1202661] High CVE-2021-30566: Stack buffer overflow in Printing.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26

- [1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20

- [1219886] High CVE-2021-30568: Heap buffer overflow in WebGL.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15

- [1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11

- [1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03

- [1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28

- [1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06

- [1227315] High CVE-2021-30574: Use after free in protocol handling.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08

- [1213313] Medium CVE-2021-30575: Out of bounds read in Autofill.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26

- [1194896] Medium CVE-2021-30576: Use after free in DevTools.
Reported by David Erceg on 2021-04-01

- [1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01

- [1201074] Medium CVE-2021-30578: Uninitialized Use in Media.
Reported by Chaoyuan Peng on 2021-04-21

- [1207277] Medium CVE-2021-30579: Use after free in UI framework.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10

- [1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17

- [1194431] Medium CVE-2021-30581: Use after free in DevTools.
Reported by David Erceg on 2021-03-31

- [1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05

- [1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17

- [1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads.
Reported by @retsew0x01 on 2021-05-26

- [1023503] Medium CVE-2021-30585: Use after free in sensor handling.
Reported by niarci on 2019-11-11

- [1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21

- [1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

- [1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04

- [1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20

Solution

Update the affected package.

See Also

http://www.nessus.org/u?b961beb2

http://www.nessus.org/u?072c2990

Plugin Details

Severity: Critical

ID: 151972

File Name: freebsd_pkg_76487640ea2911eba6863065ec8fd3ec.nasl

Version: 1.8

Type: local

Published: 7/22/2021

Updated: 12/7/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30588

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-30571

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2021

Vulnerability Publication Date: 7/20/2021

Reference Information

CVE: CVE-2021-30565, CVE-2021-30566, CVE-2021-30567, CVE-2021-30568, CVE-2021-30569, CVE-2021-30571, CVE-2021-30572, CVE-2021-30573, CVE-2021-30574, CVE-2021-30575, CVE-2021-30576, CVE-2021-30577, CVE-2021-30578, CVE-2021-30579, CVE-2021-30580, CVE-2021-30581, CVE-2021-30582, CVE-2021-30583, CVE-2021-30584, CVE-2021-30585, CVE-2021-30586, CVE-2021-30587, CVE-2021-30588, CVE-2021-30589

IAVA: 2021-A-0346-S