FreeBSD : chromium -- multiple vulnerabilities (40d5ab37-85f2-11e2-b528-00262d5ed8ee)

High Nessus Plugin ID 65067


The remote FreeBSD host is missing a security-related update.


Google Chrome Releases reports:

[176882] High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.

[176252] High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to 'chromium.khalil'.

[172926] [172331] High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG.

[168982] High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG.

[174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Juri Aedla).

[174150] Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.

[174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.

[173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.

[172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).

[172264] High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Juri Aedla).


Update the affected package.

Plugin Details

Severity: High

ID: 65067

File Name: freebsd_pkg_40d5ab3785f211e2b52800262d5ed8ee.nasl

Version: Revision: 1.5

Type: local

Published: 2013/03/07

Updated: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/03/06

Vulnerability Publication Date: 2013/03/04

Reference Information

CVE: CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911