FreeBSD : chromium -- multiple vulnerabilities (4865d189-cd62-11e2-ae11-00262d5ed8ee)

Critical Nessus Plugin ID 66799


The remote FreeBSD host is missing a security-related update.


Google Chrome Releases reports :

[242322] Medium CVE-2013-2855: Memory corruption in dev tools API.
Credit to 'daniel.zulla'.

[242224] High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz.

[240124] High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz.

[239897] High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to 'cdel921'.

[237022] High CVE-2013-2859: Cross-origin namespace pollution. to 'bobbyholley'.

[225546] High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne.

[209604] High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz.

[161077] High CVE-2013-2862: Memory corruption in Skia GPU handling.
Credit to Atte Kettunen of OUSPG.

[232633] Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastian Marchand of the Chromium development community.

[239134] High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team.

[246389] High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives.


Update the affected package.

See Also

Plugin Details

Severity: Critical

ID: 66799

File Name: freebsd_pkg_4865d189cd6211e2ae1100262d5ed8ee.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2013/06/05

Modified: 2013/06/29

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/06/04

Vulnerability Publication Date: 2013/06/04

Reference Information

CVE: CVE-2013-2855, CVE-2013-2856, CVE-2013-2857, CVE-2013-2858, CVE-2013-2859, CVE-2013-2860, CVE-2013-2861, CVE-2013-2862, CVE-2013-2863, CVE-2013-2864, CVE-2013-2865