FreeBSD : chromium -- multiple vulnerabilities (358133b5-c2b9-11e2-a738-00262d5ed8ee)

High Nessus Plugin ID 66549

VPR Score: 6.7

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports:

[235638] High CVE-2013-2837: Use-after-free in SVG. Credit to Slawomir Blazek.

[235311] Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler.

[230176] High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity.

[230117] High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity.

[227350] High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva.

[226696] High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux.

[222000] High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani.

[196393] High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul).

[188092] [179522] [222136] [188092] High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG.

[177620] High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva.

[176692] High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne.

[176137] Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov.

[171392] Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich.

[241595] High CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?6bd43a3e

http://www.nessus.org/u?151e7dec

Plugin Details

Severity: High

ID: 66549

File Name: freebsd_pkg_358133b5c2b911e2a73800262d5ed8ee.nasl

Version: 1.5

Type: local

Published: 2013/05/23

Updated: 2020/09/23

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/05/22

Vulnerability Publication Date: 2013/05/21

Reference Information

CVE: CVE-2013-2836, CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849