Test ID:	1.3.6.1.4.1.25623.1.0.71288
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: chromium
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: chromium CVE-2011-3057 Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. CVE-2011-3058 Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. CVE-2011-3059 Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3060 Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2011-3061 Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. CVE-2011-3062 Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. CVE-2011-3063 Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. CVE-2011-3064 Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. CVE-2011-3065 Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. This VT has been deprecated and is therefore no longer functional. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3057 BugTraq ID: 52674 http://www.securityfocus.com/bid/52674 http://security.gentoo.org/glsa/glsa-201203-19.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14385 http://www.securitytracker.com/id?1026877 http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 XForce ISS Database: google-chrome-v8-ce(74217) https://exchange.xforce.ibmcloud.com/vulnerabilities/74217 Common Vulnerability Exposure (CVE) ID: CVE-2011-3058 http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html BugTraq ID: 52762 http://www.securityfocus.com/bid/52762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15492 XForce ISS Database: google-chrome-interaction-xss(74408) https://exchange.xforce.ibmcloud.com/vulnerabilities/74408 Common Vulnerability Exposure (CVE) ID: CVE-2011-3059 http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15200 XForce ISS Database: chrome-svg-text-code-execution(74409) https://exchange.xforce.ibmcloud.com/vulnerabilities/74409 Common Vulnerability Exposure (CVE) ID: CVE-2011-3060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15364 XForce ISS Database: chrome-text-fragment-code-exec(74410) https://exchange.xforce.ibmcloud.com/vulnerabilities/74410 Common Vulnerability Exposure (CVE) ID: CVE-2011-3061 http://osvdb.org/80739 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14849 XForce ISS Database: chrome-spdy-sec-bypass(74411) https://exchange.xforce.ibmcloud.com/vulnerabilities/74411 Common Vulnerability Exposure (CVE) ID: CVE-2011-3062 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://osvdb.org/80740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 XForce ISS Database: chrome-sanitizer-code-exec(74412) https://exchange.xforce.ibmcloud.com/vulnerabilities/74412 Common Vulnerability Exposure (CVE) ID: CVE-2011-3063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226 XForce ISS Database: chrome-renderer-sec-bypass(74413) https://exchange.xforce.ibmcloud.com/vulnerabilities/74413 Common Vulnerability Exposure (CVE) ID: CVE-2011-3064 http://osvdb.org/80742 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14755 Common Vulnerability Exposure (CVE) ID: CVE-2011-3065 http://osvdb.org/80743 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415 XForce ISS Database: google-skia-code-execution(74415) https://exchange.xforce.ibmcloud.com/vulnerabilities/74415
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.