FreeBSD : chromium -- multiple vulnerabilities (1449af37-9eba-11e1-b9c1-00262d5ed8ee)

critical Nessus Plugin ID 59103
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG.

[113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community.

[118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to 'psaldorn'.

[118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis.

[118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community.

[120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
Credit to Aki Helin of OUSPG.

[120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz.

[121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis.

[121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno).

[122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler.

[122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
Credit to miaubiz.

[122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.

[123481] High CVE-2011-3095: Out-of-bounds write in OGG container.
Credit to Hannu Heikkinen.

[Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis.

[123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google.

[124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team.

[124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?29fa020e

http://www.nessus.org/u?52ef9bf4

Plugin Details

Severity: Critical

ID: 59103

File Name: freebsd_pkg_1449af379eba11e1b9c100262d5ed8ee.nasl

Version: 1.5

Type: local

Published: 5/16/2012

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/15/2012

Vulnerability Publication Date: 5/15/2012

Reference Information

CVE: CVE-2011-3083, CVE-2011-3084, CVE-2011-3085, CVE-2011-3086, CVE-2011-3087, CVE-2011-3088, CVE-2011-3089, CVE-2011-3090, CVE-2011-3091, CVE-2011-3092, CVE-2011-3093, CVE-2011-3094, CVE-2011-3095, CVE-2011-3096, CVE-2011-3097, CVE-2011-3099, CVE-2011-3100