Detections
Analytics

FreeBSD : chromium -- multiple vulnerabilities (3cac007f-b27e-11eb-97a0-e09467587c17)

high Nessus Plugin ID 149425

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release contains 19 security fixes, including :

- [1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19

- [1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14

- [1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02

- [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.
Reported by David Erceg on 2021-04-06

- [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09

- [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.
Reported by David Erceg on 2021-04-10

- [1200019] High CVE-2021-30512: Use after free in Notifications.
Reported by ZhanJia Song on 2021-04-17

- [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19

- [1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20

- [1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21

- [1201446] High CVE-2021-30516: Heap buffer overflow in History.
Reported by ZhanJia Song on 2021-04-22

- [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27

- [1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode.
Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28

- [1194058] Medium CVE-2021-30519: Use after free in Payments.
Reported by asnine on 2021-03-30

- [1193362] Medium CVE-2021-30520: Use after free in Tab Strip.
Reported by Khalil Zhani on 2021-04-03

Solution

Update the affected package.

See Also

http://www.nessus.org/u?6e7dcca1

http://www.nessus.org/u?24c1bb62

Plugin Details

Severity: High

ID: 149425

File Name: freebsd_pkg_3cac007fb27e11eb97a0e09467587c17.nasl

Version: 1.4

Type: local

Published: 5/12/2021

Updated: 1/2/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30520

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2021

Vulnerability Publication Date: 5/10/2021

Reference Information

CVE: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520