FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)

high Nessus Plugin ID 80898

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports:

62 security fixes in this release, including:

- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.

- [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.

- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.

- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.

- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.

- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.

- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.

- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.

- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.

- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.

- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.

- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.

- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.

- [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.

- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.

- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.

- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.

- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.

- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.

- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.

- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.

- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.

- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.

- [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.

- [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).

Solution

Update the affected packages.

See Also

https://chromereleases.googleblog.com/

http://www.nessus.org/u?5dc2ca63

Plugin Details

Severity: High

ID: 80898

File Name: freebsd_pkg_e30e0c99a1b711e4b85c00262d5ed8ee.nasl

Version: 1.12

Type: local

Published: 1/22/2015

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/21/2015

Vulnerability Publication Date: 1/21/2015

Reference Information

CVE: CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946, CVE-2014-7947, CVE-2014-7948, CVE-2015-1205