FreeBSD : chromium -- multiple vulnerabilities (40d5ab37-85f2-11e2-b528-00262d5ed8ee)

high Nessus Plugin ID 65067

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Google Chrome Releases reports :

[176882] High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva.

[176252] High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to 'chromium.khalil'.

[172926] [172331] High CVE-2013-0904: Memory corruption in Web Audio.
Credit to Atte Kettunen of OUSPG.

[168982] High CVE-2013-0905: Use-after-free with SVG animations.
Credit to Atte Kettunen of OUSPG.

[174895] High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Juri Aedla).

[174150] Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community.

[174059] Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.

[173906] Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov.

[172573] Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans).

[172264] High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Juri Aedla).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?6bd43a3e

http://www.nessus.org/u?0720a2b6

Plugin Details

Severity: High

ID: 65067

File Name: freebsd_pkg_40d5ab3785f211e2b52800262d5ed8ee.nasl

Version: 1.7

Type: local

Published: 3/7/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/6/2013

Vulnerability Publication Date: 3/4/2013

Reference Information

CVE: CVE-2013-0902, CVE-2013-0903, CVE-2013-0904, CVE-2013-0905, CVE-2013-0906, CVE-2013-0907, CVE-2013-0908, CVE-2013-0909, CVE-2013-0910, CVE-2013-0911