FreeBSD : chromium -- multiple vulnerabilities (95a74a48-2691-11e7-9e2d-e8e0b747a45a)

Medium Nessus Plugin ID 99616


The remote FreeBSD host is missing one or more security-related updates.


Google Chrome Releases reports :

29 security fixes in this release, including :

- [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360

- [694382] High CVE-2017-5058: Heap use after free in Print Preview.
Credit to Khalil Zhani

- [684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative

- [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng

- [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)

- [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous

- [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip

- [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar

- [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani

- [690821] Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)

- [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani

- [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman

- [713205] Various fixes from internal audits, fuzzing and other initiatives


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 99616

File Name: freebsd_pkg_95a74a48269111e79e2de8e0b747a45a.nasl

Version: $Revision: 3.7 $

Type: local

Published: 2017/04/24

Modified: 2018/02/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P


Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/04/21

Vulnerability Publication Date: 2017/04/19

Reference Information

CVE: CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069