FreeBSD : chromium -- multiple vulnerabilities (548f74bd-993c-11e5-956b-00262d5ed8ee)

critical Nessus Plugin ID 87177

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports :

41 security fixes in this release, including :

- [558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.

- [551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.

- [554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.

- [556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

- [534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.

- [541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

- [544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.

- [546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

- [554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.

- [491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.

- [549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.

- [529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.

- [457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Bock.

- [544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.

- [514891] Medium CVE-2015-6778: Out of bounds access in PDFium.
Credit to Karl Skomski.

- [528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.

- [490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.

- [497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.

- [536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.

- [537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.

- [503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.

- [534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.

- [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

- [563930] CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.

- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?dc8c7b02

http://www.nessus.org/u?9ec69327

Plugin Details

Severity: Critical

ID: 87177

File Name: freebsd_pkg_548f74bd993c11e5956b00262d5ed8ee.nasl

Version: 2.12

Type: local

Published: 12/3/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-npapi, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/2/2015

Vulnerability Publication Date: 12/1/2015

Reference Information

CVE: CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6776, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6783, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786, CVE-2015-6787