FreeBSD : chromium -- multiple vulnerabilities (ff922811-c096-11e1-b0f4-00262d5ed8ee)

High Nessus Plugin ID 59750

VPR Score: 5.9

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports:

[118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google.

[120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz.

[120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz.

[120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken 'gets' Russell of the Chromium development community.

[121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG.

[122925] Medium CVE-2012-2821: Autofill display problem. Credit to 'simonbrown60'.

[various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).

[124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz.

[125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz.

[128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno).

[Mac only] [129826] Low CVE-2012-2827: Use-after-free in Mac UI. Credit to the Chromium development community (Dharani Govindan).

[129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team and Google Chrome Security Team (Chris Evans).

[129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz.

[129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz.

[130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz.

[131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team.

[132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team.

[132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Juri Aedla.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?29fa020e

http://www.nessus.org/u?09fae784

Plugin Details

Severity: High

ID: 59750

File Name: freebsd_pkg_ff922811c09611e1b0f400262d5ed8ee.nasl

Version: 1.3

Type: local

Published: 2012/06/28

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/06/27

Vulnerability Publication Date: 2012/06/26

Reference Information

CVE: CVE-2012-2815, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2822, CVE-2012-2823, CVE-2012-2824, CVE-2012-2826, CVE-2012-2827, CVE-2012-2828, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2832, CVE-2012-2833, CVE-2012-2834