FreeBSD : chromium -- multiple vulnerabilities (3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee)
Critical Nessus Plugin ID 70865
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGoogle Chrome Releases reports :
25 security fixes in this release, including :
-  Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
-  High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer.
-  High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
-  High CVE-2013-6624: Use after free related to 'id' attribute strings. Credit to Jon Butler.
-  High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
-  Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva.
-  High CVE-2013-6627: Out of bounds read in HTTP parsing.
Credit to skylined.
-  Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
-  Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
-  Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
-  Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
-  High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Hoglund of the Chromium project.
SolutionUpdate the affected package.