ID de Prueba:	1.3.6.1.4.1.25623.1.0.71292
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: chromium
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: chromium CVE-2011-3045 Integer signedness error in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. CVE-2011-3049 Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. CVE-2011-3050 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. CVE-2011-3051 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. CVE-2011-3052 The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2011-3053 Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. CVE-2011-3054 The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. CVE-2011-3055 The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. CVE-2011-3056 Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a 'magic iframe.' CVE-2011-3057 Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. This VT has been deprecated and is therefore no longer functional. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3045 Debian Security Information: DSA-2439 (Google Search) http://www.debian.org/security/2012/dsa-2439 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 RedHat Security Advisories: RHSA-2012:0407 http://rhn.redhat.com/errata/RHSA-2012-0407.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html http://www.securitytracker.com/id?1026823 http://secunia.com/advisories/48320 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 http://secunia.com/advisories/49660 SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3049 BugTraq ID: 52674 http://www.securityfocus.com/bid/52674 http://security.gentoo.org/glsa/glsa-201203-19.xml http://osvdb.org/80295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049 http://www.securitytracker.com/id?1026841 http://secunia.com/advisories/48527 XForce ISS Database: google-chrome-api-sec-bypass(74218) https://exchange.xforce.ibmcloud.com/vulnerabilities/74218 Common Vulnerability Exposure (CVE) ID: CVE-2011-3050 http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/80288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14414 XForce ISS Database: google-chrome-letter-code-execution(74210) https://exchange.xforce.ibmcloud.com/vulnerabilities/74210 Common Vulnerability Exposure (CVE) ID: CVE-2011-3051 http://osvdb.org/80289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15016 XForce ISS Database: google-crossfade-code-execution(74211) https://exchange.xforce.ibmcloud.com/vulnerabilities/74211 Common Vulnerability Exposure (CVE) ID: CVE-2011-3052 http://osvdb.org/80290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819 XForce ISS Database: google-webgl-canvas-code-exec(74212) https://exchange.xforce.ibmcloud.com/vulnerabilities/74212 Common Vulnerability Exposure (CVE) ID: CVE-2011-3053 http://osvdb.org/80291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658 XForce ISS Database: chrome-block-splitting-code-exec(74213) https://exchange.xforce.ibmcloud.com/vulnerabilities/74213 Common Vulnerability Exposure (CVE) ID: CVE-2011-3054 http://osvdb.org/80292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15028 XForce ISS Database: google-webui-weak-security(74214) https://exchange.xforce.ibmcloud.com/vulnerabilities/74214 Common Vulnerability Exposure (CVE) ID: CVE-2011-3055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15033 XForce ISS Database: google-nativeui-weak-security(74215) https://exchange.xforce.ibmcloud.com/vulnerabilities/74215 Common Vulnerability Exposure (CVE) ID: CVE-2011-3056 http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://osvdb.org/80294 http://osvdb.org/81794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14962 http://secunia.com/advisories/47292 XForce ISS Database: google-magic-iframe-sec-bypass(74216) https://exchange.xforce.ibmcloud.com/vulnerabilities/74216 Common Vulnerability Exposure (CVE) ID: CVE-2011-3057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14385 http://www.securitytracker.com/id?1026877 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 XForce ISS Database: google-chrome-v8-ce(74217) https://exchange.xforce.ibmcloud.com/vulnerabilities/74217
Copyright	Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.