FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)
High Nessus Plugin ID 83556
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGoogle Chrome Releases reports :
37 security fixes in this release, including :
-  High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
-  High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
-  High CVE-2015-1254: Cross-origin bypass in Editing. Credit to [email protected]
-  High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
-  High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
-  High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative.
-  Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
-  Medium CVE-2015-1258: Negative-size parameter in libvpx.
Credit to cloudfuzzer
-  Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
-  Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
-  Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
-  Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
-  Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
-  Low CVE-2015-1264: Cross-site scripting in bookmarks.
Credit to K0r3Ph1L.
-  CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 184.108.40.206).
SolutionUpdate the affected packages.