FreeBSD : chromium -- multiple vulnerabilities (9dd47fa3-9d53-11e3-b20f-00262d5ed8ee)
High Nessus Plugin ID 72676
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGoogle Chrome Releases reports :
28 security fixes in this release, including :
-  High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
-  High CVE-2013-6653: Use-after-free related to web contents.
Credit to Khalil Zhani.
-  High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
-  High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
-  High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
-  Medium CVE-2013-6657: Information leak in XSS auditor.
Credit to NeexEmil.
-  Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
-  Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
-  Low CVE-2013-6660: Information leak in drag and drop.
Credit to bishopjeffreys.
-  Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.
SolutionUpdate the affected package.