FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)

High Nessus Plugin ID 80898

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports :

62 security fixes in this release, including :

- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.

- [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.

- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.

- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.

- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.

- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.

- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.

- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.

- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.

- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.

- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.

- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.

- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.

- [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.

- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.

- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.

- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.

- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.

- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.

- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.

- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.

- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.

- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.

- [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.

- [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).

Solution

Update the affected packages.

See Also

https://chromereleases.googleblog.com/

http://www.nessus.org/u?5dc2ca63

Plugin Details

Severity: High

ID: 80898

File Name: freebsd_pkg_e30e0c99a1b711e4b85c00262d5ed8ee.nasl

Version: 1.10

Type: local

Published: 2015/01/22

Updated: 2019/07/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/01/21

Vulnerability Publication Date: 2015/01/21

Reference Information

CVE: CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946, CVE-2014-7947, CVE-2014-7948, CVE-2015-1205