FreeBSD : chromium -- multiple vulnerabilities (47b571f2-157b-11ec-ae98-704d7b472482)

critical Nessus Plugin ID 153396

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Chrome Releases reports :

This release includes 11 security fixes, including :

- [1237533] High CVE-2021-30625: Use after free in Selection API.
Reported by Marcin Towalski of Cisco Talos on 2021-08-06

- [1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE.
Reported by Jeonghoon Shin of Theori on 2021-08-18

- [1245786] High CVE-2021-30627: Type Confusion in Blink layout.
Reported by Aki Helin of OUSPG on 2021-09-01

- [1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE.
Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18

- [1243646] High CVE-2021-30629: Use after free in Permissions.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-08-26

- [1244568] High CVE-2021-30630: Inappropriate implementation in Blink. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30

- [1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08

- [1247766] High CVE-2021-30633: Use after free in Indexed DB API.
Reported by Anonymous on 2021-09-08

Google is aware that exploits for CVE-2021-30632 and CVE-2021-30633 exist in the wild.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?dc94c497

http://www.nessus.org/u?ea5a067c

Plugin Details

Severity: Critical

ID: 153396

File Name: freebsd_pkg_47b571f2157b11ecae98704d7b472482.nasl

Version: 1.9

Type: local

Published: 9/15/2021

Updated: 1/16/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30633

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/14/2021

Vulnerability Publication Date: 9/13/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628, CVE-2021-30629, CVE-2021-30630, CVE-2021-30632, CVE-2021-30633

IAVA: 2021-A-0411-S