FreeBSD : chromium -- multiple vulnerabilities (219d0bfd-a915-11e1-b519-00262d5ed8ee)

Critical Nessus Plugin ID 59281

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).

[118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

[120912] High CVE-2011-3105: Use-after-free in first-letter handling.
Credit to miaubiz.

[122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).

[124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).

[125159] Critical CVE-2011-3108: Use-after-free in browser cache.
Credit to 'efbiaiinzinz'.

[Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholome.

[126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.

[127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

[128014] High CVE-2011-3114: Buffer overflows with PDF functions.
Credit to Google Chrome Security Team (scarybeasts).

[128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?29fa020e

http://www.nessus.org/u?a001d350

Plugin Details

Severity: Critical

ID: 59281

File Name: freebsd_pkg_219d0bfda91511e1b51900262d5ed8ee.nasl

Version: Revision: 1.2

Type: local

Published: 2012/05/29

Updated: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/05/28

Vulnerability Publication Date: 2012/05/23

Reference Information

CVE: CVE-2011-3103, CVE-2011-3104, CVE-2011-3105, CVE-2011-3106, CVE-2011-3107, CVE-2011-3108, CVE-2011-3110, CVE-2011-3111, CVE-2011-3112, CVE-2011-3113, CVE-2011-3114, CVE-2011-3115