FreeBSD : chromium -- multiple vulnerabilities (d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee)

Critical Nessus Plugin ID 78104


The remote FreeBSD host is missing one or more security-related updates.


Google Chrome Releases reports :

159 security fixes in this release, including 113 found using MemorySanitizer :

- [416449] Critical CVE-2014-3188: A special thanks to Juri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.

- [398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

- [400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.

- [402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.

- [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.

- [399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.

- [401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.

- [403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Juri Aedla.

- [338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.

- [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.

- [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.

- [395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

- [420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).

- Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 78104

File Name: freebsd_pkg_d2bbcc014ec311e4ab3f00262d5ed8ee.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2014/10/09

Modified: 2016/05/26

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/10/08

Vulnerability Publication Date: 2014/10/07

Reference Information

CVE: CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3196, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200