FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)
High Nessus Plugin ID 83095
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGoogle Chrome Releases reports :
45 new security fixes, including :
-  High CVE-2015-1235: Cross-origin-bypass in HTML parser.
Credit to anonymous.
-  Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
-  High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
-  High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
-  Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
-  Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
-  High CVE-2015-1242: Type confusion in V8. Credit to [email protected]
-  Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
-  Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
-  Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
-  Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
-  Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).
-  CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 18.104.22.168).
SolutionUpdate the affected packages.