Test ID:	1.3.6.1.4.1.25623.1.0.71292
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: chromium
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: chromium CVE-2011-3045 Integer signedness error in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. CVE-2011-3049 Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension. CVE-2011-3050 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. CVE-2011-3051 Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. CVE-2011-3052 The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2011-3053 Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. CVE-2011-3054 The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. CVE-2011-3055 The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. CVE-2011-3056 Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a 'magic iframe.' CVE-2011-3057 Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. This VT has been deprecated and is therefore no longer functional. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3045 Debian Security Information: DSA-2439 (Google Search) http://www.debian.org/security/2012/dsa-2439 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 RedHat Security Advisories: RHSA-2012:0407 http://rhn.redhat.com/errata/RHSA-2012-0407.html RedHat Security Advisories: RHSA-2012:0488 http://rhn.redhat.com/errata/RHSA-2012-0488.html http://www.securitytracker.com/id?1026823 http://secunia.com/advisories/48320 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 http://secunia.com/advisories/49660 SuSE Security Announcement: openSUSE-SU-2012:0432 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html SuSE Security Announcement: openSUSE-SU-2012:0466 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3049 BugTraq ID: 52674 http://www.securityfocus.com/bid/52674 http://security.gentoo.org/glsa/glsa-201203-19.xml http://osvdb.org/80295 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15049 http://www.securitytracker.com/id?1026841 http://secunia.com/advisories/48527 XForce ISS Database: google-chrome-api-sec-bypass(74218) https://exchange.xforce.ibmcloud.com/vulnerabilities/74218 Common Vulnerability Exposure (CVE) ID: CVE-2011-3050 http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/80288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14414 XForce ISS Database: google-chrome-letter-code-execution(74210) https://exchange.xforce.ibmcloud.com/vulnerabilities/74210 Common Vulnerability Exposure (CVE) ID: CVE-2011-3051 http://osvdb.org/80289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15016 XForce ISS Database: google-crossfade-code-execution(74211) https://exchange.xforce.ibmcloud.com/vulnerabilities/74211 Common Vulnerability Exposure (CVE) ID: CVE-2011-3052 http://osvdb.org/80290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819 XForce ISS Database: google-webgl-canvas-code-exec(74212) https://exchange.xforce.ibmcloud.com/vulnerabilities/74212 Common Vulnerability Exposure (CVE) ID: CVE-2011-3053 http://osvdb.org/80291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14658 XForce ISS Database: chrome-block-splitting-code-exec(74213) https://exchange.xforce.ibmcloud.com/vulnerabilities/74213 Common Vulnerability Exposure (CVE) ID: CVE-2011-3054 http://osvdb.org/80292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15028 XForce ISS Database: google-webui-weak-security(74214) https://exchange.xforce.ibmcloud.com/vulnerabilities/74214 Common Vulnerability Exposure (CVE) ID: CVE-2011-3055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15033 XForce ISS Database: google-nativeui-weak-security(74215) https://exchange.xforce.ibmcloud.com/vulnerabilities/74215 Common Vulnerability Exposure (CVE) ID: CVE-2011-3056 http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://osvdb.org/80294 http://osvdb.org/81794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14962 http://secunia.com/advisories/47292 XForce ISS Database: google-magic-iframe-sec-bypass(74216) https://exchange.xforce.ibmcloud.com/vulnerabilities/74216 Common Vulnerability Exposure (CVE) ID: CVE-2011-3057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14385 http://www.securitytracker.com/id?1026877 http://secunia.com/advisories/48618 http://secunia.com/advisories/48691 http://secunia.com/advisories/48763 XForce ISS Database: google-chrome-v8-ce(74217) https://exchange.xforce.ibmcloud.com/vulnerabilities/74217
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.