
Issue 763649

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 763646
Owner: ----
Closed: Sep 2017
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security




CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-4_4

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 9 2017

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-4_4
Package Version: [cpe:/o:linux:linux_kernel:4.4.79]

Advisory: CVE-2015-0312
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-0312
  CVSS severity score: 10/10.0
  Confidence: high
  Description: Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Advisory: CVE-2015-1209
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-1209
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description: Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.

Advisory: CVE-2015-1210
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-1210
  CVSS severity score: 5/10.0
  Confidence: high
  Description: The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Advisory: CVE-2015-1211
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-1211
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description: The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

Advisory: CVE-2015-1212
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-1212
  CVSS severity score: 7.5/10.0
  Confidence: high
  Description: Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.


 
Mergedinto: 763646
Status: Duplicate (was: Untriaged)
Project Member

Comment 2 by sheriffbot@chromium.org, Dec 20 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
