FreeBSD : chromium -- multiple vulnerabilities (1449af37-9eba-11e1-b9c1-00262d5ed8ee)

Critical Nessus Plugin ID 59103

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.

[113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.

[118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to 'psaldorn'.

[118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.

[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.

[120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
Credit to Aki Helin of OUSPG.

[120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.

[121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.

[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).

[122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.

[122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
Credit to miaubiz.

[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.

[123481] High CVE-2011-3095: Out-of-bounds write in OGG container.
Credit to Hannu Heikkinen.

[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.

[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.

[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.

[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?29fa020e

http://www.nessus.org/u?52ef9bf4

Plugin Details

Severity: Critical

ID: 59103

File Name: freebsd_pkg_1449af379eba11e1b9c100262d5ed8ee.nasl

Version: 1.4

Type: local

Published: 2012/05/16

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/05/15

Vulnerability Publication Date: 2012/05/15

Reference Information

CVE: CVE-2011-3083, CVE-2011-3084, CVE-2011-3085, CVE-2011-3086, CVE-2011-3087, CVE-2011-3088, CVE-2011-3089, CVE-2011-3090, CVE-2011-3091, CVE-2011-3092, CVE-2011-3093, CVE-2011-3094, CVE-2011-3095, CVE-2011-3096, CVE-2011-3097, CVE-2011-3099, CVE-2011-3100