FreeBSD : chromium -- multiple vulnerabilities (95a74a48-2691-11e7-9e2d-e8e0b747a45a)

high Nessus Plugin ID 99616

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Google Chrome Releases reports:

29 security fixes in this release, including:

- [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360

- [694382] High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani

- [684684] High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative

- [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng

- [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)

- [702896] Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous

- [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip

- [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar

- [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani

- [690821] Medium CVE-2017-5066: Incorrect signature handling in Networking. Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen (ICTT, Xidian University)

- [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani

- [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman

- [713205] Various fixes from internal audits, fuzzing and other initiatives

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?d9ef6b47

http://www.nessus.org/u?8e9e10a7

Plugin Details

Severity: High

ID: 99616

File Name: freebsd_pkg_95a74a48269111e79e2de8e0b747a45a.nasl

Version: 3.9

Type: local

Published: 4/24/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:chromium, p-cpe:/a:freebsd:freebsd:chromium-pulse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/21/2017

Vulnerability Publication Date: 4/19/2017

Reference Information

CVE: CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE-2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5069