FreeBSD : chromium -- multiple vulnerabilities (e5414d0c-2ade-11e3-821d-00262d5ed8ee)

High Nessus Plugin ID 70265

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports:

50 security fixes in this release, including:

- [223962][270758][271161][284785][284786] Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.

- [260667] Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.

- [265221] Medium CVE-2013-2908: Address bar spoofing related to the '204 No Content' status code. Credit to Chamal de Silva.

- [265838][279277] High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.

- [269753] Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

- [271939] High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.

- [276368] High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.

- [278908] High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.

- [279263] High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.

- [280512] Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.

- [281256] High CVE-2013-2916: Address bar spoofing related to the '204 No Content' status code. Credit to Masato Kinugawa.

- [281480] Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

- [282088] High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).

- [282736] High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.

- [285742] Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.

- [286414] High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).

- [286975] High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.

- [299016] CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).

- [275803] Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.

Solution

Update the affected package.

See Also

http://googlechromereleases.blogspot.nl/

http://www.nessus.org/u?ace320ee

Plugin Details

Severity: High

ID: 70265

File Name: freebsd_pkg_e5414d0c2ade11e3821d00262d5ed8ee.nasl

Version: 1.9

Type: local

Published: 2013/10/02

Updated: 2018/10/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/10/01

Vulnerability Publication Date: 2013/10/01

Reference Information

CVE: CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2914, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924