FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)

critical Nessus Plugin ID 79320

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports :

42 security fixes in this release, including :

- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.

- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.

- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.

- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.

- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.

- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.

- [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.

- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.
Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.

- [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.

- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.

- [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.

- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.
Credit to miaubiz.

- CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?f4b30c17

http://www.nessus.org/u?a894c63a

Plugin Details

Severity: Critical

ID: 79320

File Name: freebsd_pkg_d395e44f6f4f11e4a44400262d5ed8ee.nasl

Version: 1.8

Type: local

Published: 11/19/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/18/2014

Vulnerability Publication Date: 11/18/2014

Reference Information

CVE: CVE-2014-0574, CVE-2014-7899, CVE-2014-7900, CVE-2014-7901, CVE-2014-7902, CVE-2014-7903, CVE-2014-7904, CVE-2014-7905, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910