FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)
High Nessus Plugin ID 92537
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGoogle Chrome Releases reports :
48 security fixes in this release, including :
-  High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab
-  High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
-  High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
-  High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
-  High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
-  High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
-  High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
-  High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
-  High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
-  High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
-  Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
-  Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
-  Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
-  Medium CVE-2016-5135: Content-Security-Policy bypass.
Credit to kingxwy
-  Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
-  Medium CVE-2016-5137: History sniffing with HSTS and CSP.
Credit to Xiaoyin Liu
-  CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.
SolutionUpdate the affected packages.