Detections
Analytics
FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)
high Nessus Plugin ID 107044
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Google Chrome Releases reports :Several security fixes in this release, including :
- [780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
- [787103] High CVE-2018-6032: Same origin bypass in Shared Worker.
Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
- [793620] High CVE-2018-6033: Race when opening downloaded files.
Reported by Juho Nurminen on 2017-12-09
- [784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
- [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
- [774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL.
Reported by cloudfuzzer on 2017-10-12
- [775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
- [778658] Medium CVE-2018-6040: Content security policy bypass.
Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
- [760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
- [773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
- [785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
- [797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
- [798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
- [799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL.
Reported by Masato Kinugawa on 2018-01-08
- [763194] Low CVE-2018-6048: Referrer policy bypass in Blink.
Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
- [771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
- [774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
- [774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
- [441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
- [615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
- [758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page.
Reported by Asset Kabdenov on 2017-08-23
- [797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
Solution
Update the affected package.See Also
Plugin Details
Severity: High
ID: 107044
File Name: freebsd_pkg_8e986b2b1baa11e8a94454ee754af08e.nasl
Version: 3.6
Type: local
Family: FreeBSD Local Security Checks
Published: 2/28/2018
Updated: 7/10/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 2/27/2018
Vulnerability Publication Date: 8/9/2017
Reference Information
CVE: CVE-2017-15420, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054