Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious wireless access point (WAP).
{"debiancve": [{"lastseen": "2023-05-27T15:12:16", "description": "Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-26T17:15:00", "type": "debiancve", "title": "CVE-2021-21212", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212"], "modified": "2021-04-26T17:15:00", "id": "DEBIANCVE:CVE-2021-21212", "href": "https://security-tracker.debian.org/tracker/CVE-2021-21212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-07-26T16:45:04", "description": "Google Chrome is vulnerable to arbitrary code execution. A vulnerability exists in the \u2018Network Config UI\u2019 component due to certain improper \u2018security UI\u2019. 
\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-21T17:43:04", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212"], "modified": "2021-06-01T21:14:08", "id": "VERACODE:30074", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30074/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "prion": [{"lastseen": "2023-08-16T01:09:22", "description": "Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, 
"published": "2021-04-26T17:15:00", "type": "prion", "title": "CVE-2021-21212", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212"], "modified": "2021-06-01T18:43:00", "id": "PRION:CVE-2021-21212", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-21212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-05-27T14:19:41", "description": "Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-26T17:15:00", "type": "cve", "title": "CVE-2021-21212", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212"], "modified": "2021-06-01T18:43:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:32"], "id": "CVE-2021-21212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-06-14T15:25:55", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-15T18:40:06", "type": "mscve", "title": " Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212"], "modified": "2021-04-15T18:40:06", "id": "MS:CVE-2021-21212", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-29T13:56:10", "description": "Incorrect security UI in Network Config UI in Google Chrome on ChromeOS\nprior to 90.0.4430.72 allowed a remote attacker to potentially compromise\nWiFi connection security via a malicious WAP.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-26T00:00:00", "type": "ubuntucve", "title": "CVE-2021-21212", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2021-21212"], "modified": "2021-04-26T00:00:00", "id": "UB:CVE-2021-21212", "href": "https://ubuntu.com/security/CVE-2021-21212", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-06-18T15:03:43", "description": "Chrome Releases reports :\n\nThis release contains 37 security fixes, including :\n\n- [1025683] High CVE-2021-21201: Use after free in permissions.\nReported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on 2019-11-18\n\n- [1188889] High CVE-2021-21202: Use after free in extensions.\nReported by David Erceg on 2021-03-16\n\n- [1192054] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24\n\n- [1189926] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19\n\n- [1165654] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12\n\n- [1195333] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08\n\n- [1039539] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n\n- [1143526] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n\n- [1184562] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04\n\n- [1103119] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n\n- [1145024] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. 
Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03\n\n- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25\n\n- [1170148] Medium CVE-2021-21214: Use after free in Network API.\nReported by Anonymous on 2021-01-24\n\n- [1172533] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30\n\n- [1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02\n\n- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15", "cvss3": {}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F3D864399DEF11EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/148704", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the 
FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148704);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f3d86439-9def-11eb-97a0-e09467587c17)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 37 security fixes, including :\n\n- [1025683] High CVE-2021-21201: Use after free in permissions.\nReported by Gengming Liu, Jianyu Chen at Tencent Keen Security Lab on\n2019-11-18\n\n- [1188889] High CVE-2021-21202: Use after free in extensions.\nReported by David Erceg on 2021-03-16\n\n- [1192054] High CVE-2021-21203: Use after free in Blink. Reported by\nasnine on 2021-03-24\n\n- [1189926] High CVE-2021-21204: Use after free in Blink. 
Reported by\nChelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on\n2021-03-19\n\n- [1165654] High CVE-2021-21205: Insufficient policy enforcement in\nnavigation. Reported by Alison Huffman, Microsoft Browser\nVulnerability Research on 2021-01-12\n\n- [1195333] High CVE-2021-21221: Insufficient validation of untrusted\ninput in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on\n2021-04-02\n\n- [1185732] Medium CVE-2021-21207: Use after free in IndexedDB.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360\nAlpha Lab on 2021-03-08\n\n- [1039539] Medium CVE-2021-21208: Insufficient data validation in QR\nscanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n\n- [1143526] Medium CVE-2021-21209: Inappropriate implementation in\nstorage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n\n- [1184562] Medium CVE-2021-21210: Inappropriate implementation in\nNetwork. Reported by @bananabr on 2021-03-04\n\n- [1103119] Medium CVE-2021-21211: Inappropriate implementation in\nNavigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n\n- [1145024] Medium CVE-2021-21212: Incorrect security UI in Network\nConfig UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\nUniversity of Hong Kong on 2020-11-03\n\n- [1161806] Medium CVE-2021-21213: Use after free in WebMIDI. Reported\nby raven (@raid_akame) on 2020-12-25\n\n- [1170148] Medium CVE-2021-21214: Use after free in Network API.\nReported by Anonymous on 2021-01-24\n\n- [1172533] Medium CVE-2021-21215: Inappropriate implementation in\nAutofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\nVulnerability Research on 2021-01-30\n\n- [1173297] Medium CVE-2021-21216: Inappropriate implementation in\nAutofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\nVulnerability Research on 2021-02-02\n\n- [1166462] Low CVE-2021-21217: Uninitialized Use in PDFium. 
Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166478] Low CVE-2021-21218: Uninitialized Use in PDFium. Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n- [1166972] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported\nby Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n # https://vuxml.freebsd.org/freebsd/f3d86439-9def-11eb-97a0-e09467587c17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2e18135\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.72\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T14:51:09", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_72.NASL", "href": "https://www.tenable.com/plugins/nessus/148559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148559);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Google Chrome < 90.0.4430.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.72. 
It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1188889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1192054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1185732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1103119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166478\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.72', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:02:53", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.72. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.72 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_72.NASL", "href": "https://www.tenable.com/plugins/nessus/148558", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148558);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n 
\"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Google Chrome < 90.0.4430.72 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.72. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_04_stable-channel-update-for-desktop_14 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec023c8b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1188889\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1192054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1189926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1165654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1185732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1039539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184562\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1103119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1172533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1173297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1166972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.72 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.72', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-17T14:50:49", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected by multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_818_39.NASL", "href": "https://www.tenable.com/plugins/nessus/148693", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148693);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21214\",\n \"CVE-2021-21215\",\n \"CVE-2021-21216\",\n \"CVE-2021-21217\",\n \"CVE-2021-21218\",\n \"CVE-2021-21219\",\n \"CVE-2021-21221\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.818.39 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.818.39. It is, therefore, affected\nby multiple vulnerabilities as referenced in the April 15, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-15-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de6e5227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21205\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21221\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.818.39 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21214\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.818.39' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:37", "description": "Chrome Releases reports :\n\nThis release contains 32 security fixes, including :\n\n- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\nReported by ZhanJia Song on 2021-05-13\n\n- [1176218] High CVE-2021-30522: Use after free in WebAudio. 
Reported by Piotr Bania of Cisco Talos on 2021-02-09\n\n- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13\n\n- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08\n\n- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11\n\n- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip.\nReported by David Erceg on 2021-04-13\n\n- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15\n\n- [1206329] High CVE-2021-30528: Use after free in WebAuthentication.\nReported by Man Yue Mo of GitHub Security Lab on 2021-05-06\n\n- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02\n\n- [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21\n\n- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12\n\n- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18\n\n- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04\n\n- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n\n- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01\n\n- [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03\n\n- [1194358] Low CVE-2021-30536: Out of bounds read in V8. 
Reported by Chris Salls (@salls) on 2021-03-31\n\n- [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n\n- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11\n\n- [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05\n\n- [1184147] Low CVE-2021-30540: Incorrect security UI in payments.\nReported by @retsew0x01 on 2021-03-03", "cvss3": {}, "published": "2021-05-27T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/150015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150015);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n 
\"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 32 security fixes, including :\n\n- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\nReported by ZhanJia Song on 2021-05-13\n\n- [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported\nby Piotr Bania of Cisco Talos on 2021-02-09\n\n- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by\nTolyan Korniltsev on 2021-03-13\n\n- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported\nby David Erceg on 2021-04-08\n\n- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported\nby David Erceg on 2021-04-11\n\n- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip.\nReported by David Erceg on 2021-04-13\n\n- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by\nDavid Erceg on 2021-04-15\n\n- [1206329] High CVE-2021-30528: Use after free in WebAuthentication.\nReported by Man Yue Mo of GitHub Security Lab on 2021-05-06\n\n- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360\nAlpha Lab on 2021-04-02\n\n- [1201033] Medium CVE-2021-30530: Out of bounds memory access in\nWebAudio. Reported by kkwon on 2021-04-21\n\n- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in\nContent Security Policy. Reported by Philip Papurt on 2020-08-12\n\n- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in\nContent Security Policy. 
Reported by Philip Papurt on 2020-08-18\n\n- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in\nPopupBlocker. Reported by Eliya Stein on 2020-11-04\n\n- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in\niFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n\n- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by\nnocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n2021-04-01\n\n- [1145024] Medium CVE-2021-21212: Insufficient data validation in\nnetworking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\nUniversity of Hong Kong on 2020-11-03\n\n- [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by\nChris Salls (@salls) on 2021-03-31\n\n- [830101] Low CVE-2021-30537: Insufficient policy enforcement in\ncookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n\n- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in\ncontent security policy. Reported by Tianze Ding (@D1iv3) of Tencent\nSecurity Xuanwu Lab on 2020-08-11\n\n- [971231] Low CVE-2021-30539: Insufficient policy enforcement in\ncontent security policy. 
Reported by unnamed researcher on 2019-06-05\n\n- [1184147] Low CVE-2021-30540: Incorrect security UI in payments.\nReported by @retsew0x01 on 2021-03-03\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n # https://vuxml.freebsd.org/freebsd/674ed047-be0a-11eb-b927-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b872e03f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.77\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:16", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.77 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "href": "https://www.tenable.com/plugins/nessus/149901", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149901);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Google Chrome < 91.0.4472.77 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.77. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1176218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1187797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/830101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/971231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.77 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.77', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:02", "description": "This update for chromium fixes the following issues :\n\nChromium 91.0.4472.77 (boo#1186458) :\n\n - Support Managed configuration API for Web Applications\n\n - WebOTP API: cross-origin iframe support\n\n - CSS custom counter styles\n\n - Support JSON Modules\n\n - Clipboard: read-only files support\n\n - Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n\n - Honor media HTML attribute for link icon\n\n - Import Assertions\n\n - Class static initializer blocks\n\n - Ergonomic brand checks for private fields\n\n - Expose WebAssembly SIMD\n\n - New Feature: WebTransport\n\n - ES Modules for service workers ('module' type option)\n\n - Suggested file name and location for the File System Access API\n\n - adaptivePTime property for RTCRtpEncodingParameters\n\n - Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n\n - Support WebSockets over HTTP/2\n\n - Support 103 Early Hints for Navigation\n\n - CVE-2021-30521: Heap buffer overflow in Autofill\n\n - CVE-2021-30522: Use after free in WebAudio\n\n - CVE-2021-30523: Use after free in WebRTC\n\n - CVE-2021-30524: Use after free in TabStrip\n\n - CVE-2021-30525: Use after free in TabGroups\n\n - CVE-2021-30526: Out of bounds write in TabStrip\n\n - CVE-2021-30527: Use after free in WebUI\n\n - CVE-2021-30528: Use after free in WebAuthentication\n\n - CVE-2021-30529: Use after free in Bookmarks\n\n - CVE-2021-30530: Out of bounds memory access in WebAudio\n\n - CVE-2021-30531: Insufficient policy enforcement in Content 
Security Policy\n\n - CVE-2021-30532: Insufficient policy enforcement in Content Security Policy\n\n - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n\n - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n\n - CVE-2021-30535: Double free in ICU\n\n - CVE-2021-21212: Insufficient data validation in networking\n\n - CVE-2021-30536: Out of bounds read in V8\n\n - CVE-2021-30537: Insufficient policy enforcement in cookies\n\n - CVE-2021-30538: Insufficient policy enforcement in content security policy\n\n - CVE-2021-30539: Insufficient policy enforcement in content security policy\n\n - CVE-2021-30540: Incorrect security UI in payments\n\n - Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-825)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-825.NASL", "href": "https://www.tenable.com/plugins/nessus/150269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-825.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(150269);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-825)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\nChromium 91.0.4472.77 (boo#1186458) :\n\n - Support Managed configuration API for Web Applications\n\n - WebOTP API: cross-origin iframe support\n\n - CSS custom counter styles\n\n - Support JSON Modules\n\n - Clipboard: read-only files support\n\n - Remove webkitBeforeTextInserted &\n webkitEditableCOntentChanged JS events\n\n - Honor media HTML attribute for link icon\n\n - Import Assertions\n\n - Class static initializer blocks\n\n - Ergonomic brand checks for private fields\n\n - Expose WebAssembly SIMD\n\n - New Feature: WebTransport\n\n - ES Modules for service workers ('module' type option)\n\n - Suggested file name and location for the File System\n Access API\n\n - adaptivePTime property for RTCRtpEncodingParameters\n\n - Block HTTP port 10080 - mitigation for NAT Slipstream\n 2.0 attack\n\n - Support WebSockets over HTTP/2\n\n - Support 103 Early Hints for Navigation\n\n - CVE-2021-30521: Heap buffer overflow in Autofill\n\n - CVE-2021-30522: Use 
after free in WebAudio\n\n - CVE-2021-30523: Use after free in WebRTC\n\n - CVE-2021-30524: Use after free in TabStrip\n\n - CVE-2021-30525: Use after free in TabGroups\n\n - CVE-2021-30526: Out of bounds write in TabStrip\n\n - CVE-2021-30527: Use after free in WebUI\n\n - CVE-2021-30528: Use after free in WebAuthentication\n\n - CVE-2021-30529: Use after free in Bookmarks\n\n - CVE-2021-30530: Out of bounds memory access in WebAudio\n\n - CVE-2021-30531: Insufficient policy enforcement in\n Content Security Policy\n\n - CVE-2021-30532: Insufficient policy enforcement in\n Content Security Policy\n\n - CVE-2021-30533: Insufficient policy enforcement in\n PopupBlocker\n\n - CVE-2021-30534: Insufficient policy enforcement in\n iFrameSandbox\n\n - CVE-2021-30535: Double free in ICU\n\n - CVE-2021-21212: Insufficient data validation in\n networking\n\n - CVE-2021-30536: Out of bounds read in V8\n\n - CVE-2021-30537: Insufficient policy enforcement in\n cookies\n\n - CVE-2021-30538: Insufficient policy enforcement in\n content security policy\n\n - CVE-2021-30539: Insufficient policy enforcement in\n content security policy\n\n - CVE-2021-30540: Incorrect security UI in payments\n\n - Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1186458\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-91.0.4472.77-lp152.2.98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-91.0.4472.77-lp152.2.98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-91.0.4472.77-lp152.2.98.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-91.0.4472.77-lp152.2.98.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:19", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.77 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_77.NASL", "href": "https://www.tenable.com/plugins/nessus/149900", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149900);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Google Chrome < 91.0.4472.77 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.77. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1176218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1187797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/830101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/971231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.77 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.77', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:41:58", "description": "This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in Navigation\n\n - CVE-2021-21212: Incorrect security UI in Network Config 
UI\n\n - CVE-2021-21213: Use after free in WebMIDI", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2021-629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-629.NASL", "href": "https://www.tenable.com/plugins/nessus/149603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-629.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149603);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-21201\",\n \"CVE-2021-21202\",\n \"CVE-2021-21203\",\n \"CVE-2021-21204\",\n \"CVE-2021-21205\",\n \"CVE-2021-21207\",\n \"CVE-2021-21208\",\n \"CVE-2021-21209\",\n \"CVE-2021-21210\",\n \"CVE-2021-21211\",\n \"CVE-2021-21212\",\n \"CVE-2021-21213\",\n \"CVE-2021-21221\",\n \"CVE-2021-21222\",\n \"CVE-2021-21223\",\n \"CVE-2021-21224\",\n \"CVE-2021-21225\",\n \"CVE-2021-21226\",\n \"CVE-2021-21227\",\n \"CVE-2021-21228\",\n 
\"CVE-2021-21229\",\n \"CVE-2021-21230\",\n \"CVE-2021-21231\",\n \"CVE-2021-21232\",\n \"CVE-2021-21233\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2021-629)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n\n - CVE-2021-21227: Insufficient data validation in V8. \n\n - CVE-2021-21232: Use after free in Dev Tools. \n\n - CVE-2021-21233: Heap buffer overflow in ANGLE.\n\n - CVE-2021-21228: Insufficient policy enforcement in\n extensions.\n\n - CVE-2021-21229: Incorrect security UI in downloads.\n\n - CVE-2021-21230: Type Confusion in V8. \n\n - CVE-2021-21231: Insufficient data validation in V8.\n\n - CVE-2021-21222: Heap buffer overflow in V8\n\n - CVE-2021-21223: Integer overflow in Mojo\n\n - CVE-2021-21224: Type Confusion in V8\n\n - CVE-2021-21225: Out of bounds memory access in V8\n\n - CVE-2021-21226: Use after free in navigation\n\n - CVE-2021-21201: Use after free in permissions\n\n - CVE-2021-21202: Use after free in extensions\n\n - CVE-2021-21203: Use after free in Blink\n\n - CVE-2021-21204: Use after free in Blink\n\n - CVE-2021-21205: Insufficient policy enforcement in\n navigation\n\n - CVE-2021-21221: Insufficient validation of untrusted\n input in Mojo\n\n - CVE-2021-21207: Use after free in IndexedDB\n\n - CVE-2021-21208: Insufficient data validation in QR\n scanner\n\n - CVE-2021-21209: Inappropriate implementation in storage\n\n - CVE-2021-21210: Inappropriate implementation in Network\n\n - CVE-2021-21211: Inappropriate implementation in\n Navigatio \n\n - CVE-2021-21212: Incorrect security UI in Network Config\n UI\n\n - CVE-2021-21213: Use after free in WebMIDI\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=11845047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185398\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21226\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-90.0.4430.93-lp152.2.89.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-90.0.4430.93-lp152.2.89.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T14:39:49", "description": "Several vulnerabilities 
have been discovered in the chromium web browser.\n\n - CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\n - CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions.\n\n - CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21204 Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205 Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207 koocola and Nan Wang discovered a use-after-free in the indexed database.\n\n - CVE-2021-21208 Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\n - CVE-2021-21209 Tom Van Goethem discovered an implementation error in the Storage API.\n\n - CVE-2021-21210 @bananabr discovered an error in the networking implementation.\n\n - CVE-2021-21211 Akash Labade discovered an error in the navigation implementation.\n\n - CVE-2021-21212 Hugo Hue and Sze Yui Chau discovered an error in the network configuration user interface.\n\n - CVE-2021-21213 raven discovered a use-after-free issue in the WebMIDI implementation.\n\n - CVE-2021-21214 A use-after-free issue was discovered in the networking implementation.\n\n - CVE-2021-21215 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21216 Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\n - CVE-2021-21217 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21218 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21219 Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\n - CVE-2021-21221 Guang Gong discovered insufficient validation of untrusted input.\n\n - CVE-2021-21222 Guang Gong discovered a buffer overflow issue in the v8 JavaScript library.\n\n - CVE-2021-21223 Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224 Jose Martinez 
discovered a type error in the v8 JavaScript library.\n\n - CVE-2021-21225 Brendon Tiszka discovered an out-of-bounds memory access issue in the v8 JavaScript library.\n\n - CVE-2021-21226 Brendon Tiszka discovered a use-after-free issue in the networking implementation.", "cvss3": {}, "published": "2021-04-29T00:00:00", "type": "nessus", "title": "Debian DSA-4906-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4906.NASL", "href": "https://www.tenable.com/plugins/nessus/149082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4906. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149082);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\");\n script_xref(name:\"DSA\", value:\"4906\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4906-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21201\n Gengming Liu and Jianyu Chen discovered a use-after-free\n issue.\n\n - CVE-2021-21202\n David Erceg discovered a use-after-free issue in\n extensions.\n\n - CVE-2021-21203\n asnine discovered a use-after-free issue in\n Blink/Webkit.\n\n - CVE-2021-21204\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander\n discovered a use-after-free issue in Blink/Webkit.\n\n - CVE-2021-21205\n Alison Huffman discovered a policy enforcement error.\n\n - CVE-2021-21207\n koocola and Nan Wang discovered a use-after-free in the\n indexed database.\n\n - CVE-2021-21208\n Ahmed Elsobky discovered a data validation error in the\n QR code scanner.\n\n - CVE-2021-21209\n Tom Van Goethem 
discovered an implementation error in\n the Storage API.\n\n - CVE-2021-21210\n @bananabr discovered an error in the networking\n implementation.\n\n - CVE-2021-21211\n Akash Labade discovered an error in the navigation\n implementation.\n\n - CVE-2021-21212\n Hugo Hue and Sze Yui Chau discovered an error in the\n network configuration user interface.\n\n - CVE-2021-21213\n raven discovered a use-after-free issue in the WebMIDI\n implementation.\n\n - CVE-2021-21214\n A use-after-free issue was discovered in the networking\n implementation.\n\n - CVE-2021-21215\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21216\n Abdulrahman Alqabandi discovered an error in the\n Autofill feature.\n\n - CVE-2021-21217\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21218\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21219\n Zhou Aiting discovered use of uninitialized memory in\n the pdfium library.\n\n - CVE-2021-21221\n Guang Gong discovered insufficient validation of\n untrusted input.\n\n - CVE-2021-21222\n Guang Gong discovered a buffer overflow issue in the v8\n JavaScript library.\n\n - CVE-2021-21223\n Guang Gong discovered an integer overflow issue.\n\n - CVE-2021-21224\n Jose Martinez discovered a type error in the v8\n JavaScript library.\n\n - CVE-2021-21225\n Brendon Tiszka discovered an out-of-bounds memory access\n issue in the v8 JavaScript library.\n\n - CVE-2021-21226\n Brendon Tiszka discovered a use-after-free issue in the\n networking implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21203\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2021-21221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21226\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4906\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 90.0.4430.85-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"90.0.4430.85-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": 
"2023-05-18T15:28:51", "description": "The remote host is affected by the vulnerability described in GLSA-202104-08 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", 
"CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-08.NASL", "href": "https://www.tenable.com/plugins/nessus/149223", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-08.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149223);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\", \"CVE-2021-21148\", \"CVE-2021-21149\", \"CVE-2021-21150\", \"CVE-2021-21151\", \"CVE-2021-21152\", \"CVE-2021-21153\", \"CVE-2021-21154\", \"CVE-2021-21155\", \"CVE-2021-21156\", \"CVE-2021-21157\", \"CVE-2021-21159\", \"CVE-2021-21160\", \"CVE-2021-21161\", \"CVE-2021-21162\", \"CVE-2021-21163\", \"CVE-2021-21165\", \"CVE-2021-21166\", \"CVE-2021-21167\", \"CVE-2021-21168\", \"CVE-2021-21169\", \"CVE-2021-21170\", \"CVE-2021-21171\", \"CVE-2021-21172\", \"CVE-2021-21173\", \"CVE-2021-21174\", \"CVE-2021-21175\", \"CVE-2021-21176\", \"CVE-2021-21177\", \"CVE-2021-21178\", \"CVE-2021-21179\", \"CVE-2021-21180\", \"CVE-2021-21181\", \"CVE-2021-21182\", \"CVE-2021-21183\", \"CVE-2021-21184\", \"CVE-2021-21185\", 
\"CVE-2021-21186\", \"CVE-2021-21187\", \"CVE-2021-21188\", \"CVE-2021-21189\", \"CVE-2021-2119\", \"CVE-2021-21191\", \"CVE-2021-21192\", \"CVE-2021-21193\", \"CVE-2021-21194\", \"CVE-2021-21195\", \"CVE-2021-21196\", \"CVE-2021-21197\", \"CVE-2021-21198\", \"CVE-2021-21199\", \"CVE-2021-21201\", \"CVE-2021-21202\", \"CVE-2021-21203\", \"CVE-2021-21204\", \"CVE-2021-21205\", \"CVE-2021-21206\", \"CVE-2021-21207\", \"CVE-2021-21208\", \"CVE-2021-21209\", \"CVE-2021-21210\", \"CVE-2021-21211\", \"CVE-2021-21212\", \"CVE-2021-21213\", \"CVE-2021-21214\", \"CVE-2021-21215\", \"CVE-2021-21216\", \"CVE-2021-21217\", \"CVE-2021-21218\", \"CVE-2021-21219\", \"CVE-2021-21220\", \"CVE-2021-21221\", \"CVE-2021-21222\", \"CVE-2021-21223\", \"CVE-2021-21224\", \"CVE-2021-21225\", \"CVE-2021-21226\", \"CVE-2021-21227\", \"CVE-2021-21228\", \"CVE-2021-21229\", \"CVE-2021-21230\", \"CVE-2021-21231\", \"CVE-2021-21232\", \"CVE-2021-21233\");\n script_xref(name:\"GLSA\", value:\"202104-08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0007\");\n\n script_name(english:\"GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-08\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. 
Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-90.0.4430.93'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-90.0.4430.93'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 90.0.4430.93\"), vulnerable:make_list(\"lt 90.0.4430.93\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2023-05-27T14:56:04", "description": "\n\nChrome Releases reports:\n\nThis release contains 37 security fixes, including:\n\n[1025683] High CVE-2021-21201: Use after free in permissions.\n\t Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security\n\t Lab on 2019-11-18\n[1188889] High CVE-2021-21202: Use after free in extensions.\n\t Reported by David Erceg 
on 2021-03-16\n[1192054] High CVE-2021-21203: Use after free in Blink.\n\t Reported by asnine on 2021-03-24\n[1189926] High CVE-2021-21204: Use after free in Blink.\n\t Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily\n\t Voigtlander of Seesaw on 2021-03-19\n[1165654] High CVE-2021-21205: Insufficient policy enforcement\n\t in navigation. Reported by Alison Huffman, Microsoft Browser\n\t Vulnerability Research on 2021-01-12\n[1195333] High CVE-2021-21221: Insufficient validation of\n\t untrusted input in Mojo. Reported by Guang Gong of Alpha Lab,\n\t Qihoo 360 on 2021-04-02\n[1185732] Medium CVE-2021-21207: Use after free in IndexedDB.\n\t Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13)\n\t of 360 Alpha Lab on 2021-03-08\n[1039539] Medium CVE-2021-21208: Insufficient data validation\n\t in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on\n\t 2020-01-07\n[1143526] Medium CVE-2021-21209: Inappropriate implementation\n\t in storage. Reported by Tom Van Goethem (@tomvangoethem) on\n\t 2020-10-29\n[1184562] Medium CVE-2021-21210: Inappropriate implementation\n\t in Network. Reported by @bananabr on 2021-03-04\n[1103119] Medium CVE-2021-21211: Inappropriate implementation\n\t in Navigation. Reported by Akash Labade (m0ns7er) on\n\t 2020-07-08\n[1145024] Medium CVE-2021-21212: Incorrect security UI in\n\t Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the\n\t Chinese University of Hong Kong on 2020-11-03\n[1161806] Medium CVE-2021-21213: Use after free in WebMIDI.\n\t Reported by raven (@raid_akame) on 2020-12-25\n[1170148] Medium CVE-2021-21214: Use after free in Network API.\n\t Reported by Anonymous on 2021-01-24\n[1172533] Medium CVE-2021-21215: Inappropriate implementation\n\t in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser\n\t Vulnerability Research on 2021-01-30\n[1173297] Medium CVE-2021-21216: Inappropriate implementation\n\t in Autofill. 
Reported by Abdulrahman Alqabandi, Microsoft Browser\n\t Vulnerability Research on 2021-02-02\n[1166462] Low CVE-2021-21217: Uninitialized Use in PDFium.\n\t Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n\t 2021-01-14\n[1166478] Low CVE-2021-21218: Uninitialized Use in PDFium.\n\t Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n\t 2021-01-14\n[1166972] Low CVE-2021-21219: Uninitialized Use in PDFium.\n\t Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on\n\t 2021-01-15\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-14T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2021-04-14T00:00:00", "id": 
"F3D86439-9DEF-11EB-97A0-E09467587C17", "href": "https://vuxml.freebsd.org/freebsd/f3d86439-9def-11eb-97a0-e09467587c17.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T15:37:27", "description": "\n\nChrome Releases reports:\n\nThis release contains 32 security fixes, including:\n\n[1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\n\t Reported by ZhanJia Song on 2021-05-13\n[1176218] High CVE-2021-30522: Use after free in WebAudio.\n\t Reported by Piotr Bania of Cisco Talos on 2021-02-09\n[1187797] High CVE-2021-30523: Use after free in WebRTC.\n\t Reported by Tolyan Korniltsev on 2021-03-13\n[1197146] High CVE-2021-30524: Use after free in TabStrip.\n\t Reported by David Erceg on 2021-04-08\n[1197888] High CVE-2021-30525: Use after free in TabGroups.\n\t Reported by David Erceg on 2021-04-11\n[1198717] High CVE-2021-30526: Out of bounds write in\n\t TabStrip. Reported by David Erceg on 2021-04-13\n[1199198] High CVE-2021-30527: Use after free in WebUI.\n\t Reported by David Erceg on 2021-04-15\n[1206329] High CVE-2021-30528: Use after free in\n\t WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on\n\t 2021-05-06\n[1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\n\t Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n\t 360 Alpha Lab on 2021-04-02\n[1201033] Medium CVE-2021-30530: Out of bounds memory access\n\t in WebAudio. Reported by kkwon on 2021-04-21\n[1115628] Medium CVE-2021-30531: Insufficient policy\n\t enforcement in Content Security Policy. Reported by Philip Papurt on\n\t 2020-08-12\n[1117687] Medium CVE-2021-30532: Insufficient policy\n\t enforcement in Content Security Policy. Reported by Philip Papurt on\n\t 2020-08-18\n[1145553] Medium CVE-2021-30533: Insufficient policy\n\t enforcement in PopupBlocker. Reported by Eliya Stein on\n\t 2020-11-04\n[1151507] Medium CVE-2021-30534: Insufficient policy\n\t enforcement in iFrameSandbox. 
Reported by Alesandro Ortiz on\n\t 2020-11-20\n[1194899] Medium CVE-2021-30535: Double free in ICU. Reported\n\t by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n\t 2021-04-01\n[1145024] Medium CVE-2021-21212: Insufficient data validation\n\t in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\n\t University of Hong Kong on 2020-11-03\n[1194358] Low CVE-2021-30536: Out of bounds read in V8.\n\t Reported by Chris Salls (@salls) on 2021-03-31\n[830101] Low CVE-2021-30537: Insufficient policy enforcement\n\t in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n[1115045] Low CVE-2021-30538: Insufficient policy enforcement\n\t in content security policy. Reported by Tianze Ding (@D1iv3) of\n\t Tencent Security Xuanwu Lab on 2020-08-11\n[971231] Low CVE-2021-30539: Insufficient policy enforcement\n\t in content security policy. Reported by unnamed researcher on\n\t 2019-06-05\n[1184147] Low CVE-2021-30540: Incorrect security UI in\n\t payments. Reported by @retsew0x01 on 2021-03-03\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-05-25T00:00:00", "id": "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/674ed047-be0a-11eb-b927-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-05-27T15:01:31", "description": "### *Detect date*:\n04/14/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nGoogle Chrome earlier than 90.0.4430.72\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-21216](<https://vulners.com/cve/CVE-2021-21216>)4.3Warning \n[CVE-2021-21221](<https://vulners.com/cve/CVE-2021-21221>)4.3Warning \n[CVE-2021-21201](<https://vulners.com/cve/CVE-2021-21201>)6.8High \n[CVE-2021-21202](<https://vulners.com/cve/CVE-2021-21202>)6.8High \n[CVE-2021-21209](<https://vulners.com/cve/CVE-2021-21209>)4.3Warning 
\n[CVE-2021-21205](<https://vulners.com/cve/CVE-2021-21205>)5.8High \n[CVE-2021-21213](<https://vulners.com/cve/CVE-2021-21213>)6.8High \n[CVE-2021-21204](<https://vulners.com/cve/CVE-2021-21204>)6.8High \n[CVE-2021-21210](<https://vulners.com/cve/CVE-2021-21210>)4.3Warning \n[CVE-2021-21219](<https://vulners.com/cve/CVE-2021-21219>)4.3Warning \n[CVE-2021-21203](<https://vulners.com/cve/CVE-2021-21203>)6.8High \n[CVE-2021-21212](<https://vulners.com/cve/CVE-2021-21212>)4.3Warning \n[CVE-2021-21211](<https://vulners.com/cve/CVE-2021-21211>)4.3Warning \n[CVE-2021-21207](<https://vulners.com/cve/CVE-2021-21207>)6.8High \n[CVE-2021-21215](<https://vulners.com/cve/CVE-2021-21215>)4.3Warning \n[CVE-2021-21218](<https://vulners.com/cve/CVE-2021-21218>)4.3Warning \n[CVE-2021-21214](<https://vulners.com/cve/CVE-2021-21214>)6.8High \n[CVE-2021-21217](<https://vulners.com/cve/CVE-2021-21217>)4.3Warning \n[CVE-2021-21208](<https://vulners.com/cve/CVE-2021-21208>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-14T00:00:00", "type": "kaspersky", "title": "KLA12144 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2021-04-22T00:00:00", "id": "KLA12144", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12144/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:01:30", "description": "### *Detect date*:\n04/15/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-21203](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21203>) \n[CVE-2021-21212](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21212>) \n[CVE-2021-21217](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21217>) \n[CVE-2021-21213](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21213>) \n[CVE-2021-21204](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21204>) 
\n[CVE-2021-21214](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21214>) \n[CVE-2021-21211](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21211>) \n[CVE-2021-21201](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21201>) \n[CVE-2021-21210](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21210>) \n[CVE-2021-21219](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21219>) \n[CVE-2021-21215](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21215>) \n[CVE-2021-21202](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21202>) \n[CVE-2021-21218](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21218>) \n[CVE-2021-21216](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21216>) \n[CVE-2021-21209](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21209>) \n[CVE-2021-21205](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21205>) \n[CVE-2021-21221](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21221>) \n[CVE-2021-21207](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21207>) \n[CVE-2021-21208](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-21208>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-21216](<https://vulners.com/cve/CVE-2021-21216>)4.3Warning \n[CVE-2021-21221](<https://vulners.com/cve/CVE-2021-21221>)4.3Warning \n[CVE-2021-21201](<https://vulners.com/cve/CVE-2021-21201>)6.8High \n[CVE-2021-21202](<https://vulners.com/cve/CVE-2021-21202>)6.8High \n[CVE-2021-21209](<https://vulners.com/cve/CVE-2021-21209>)4.3Warning \n[CVE-2021-21205](<https://vulners.com/cve/CVE-2021-21205>)5.8High \n[CVE-2021-21213](<https://vulners.com/cve/CVE-2021-21213>)6.8High 
\n[CVE-2021-21204](<https://vulners.com/cve/CVE-2021-21204>)6.8High \n[CVE-2021-21210](<https://vulners.com/cve/CVE-2021-21210>)4.3Warning \n[CVE-2021-21219](<https://vulners.com/cve/CVE-2021-21219>)4.3Warning \n[CVE-2021-21203](<https://vulners.com/cve/CVE-2021-21203>)6.8High \n[CVE-2021-21212](<https://vulners.com/cve/CVE-2021-21212>)4.3Warning \n[CVE-2021-21211](<https://vulners.com/cve/CVE-2021-21211>)4.3Warning \n[CVE-2021-21207](<https://vulners.com/cve/CVE-2021-21207>)6.8High \n[CVE-2021-21215](<https://vulners.com/cve/CVE-2021-21215>)4.3Warning \n[CVE-2021-21218](<https://vulners.com/cve/CVE-2021-21218>)4.3Warning \n[CVE-2021-21214](<https://vulners.com/cve/CVE-2021-21214>)6.8High \n[CVE-2021-21217](<https://vulners.com/cve/CVE-2021-21217>)4.3Warning \n[CVE-2021-21208](<https://vulners.com/cve/CVE-2021-21208>)4.3Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-15T00:00:00", "type": "kaspersky", "title": "KLA12145 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", 
"CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221"], "modified": "2023-03-28T00:00:00", "id": "KLA12145", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12145/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.77 (boo#1186458):\n\n * Support Managed configuration API for Web Applications\n * WebOTP API: cross-origin iframe support\n * CSS custom counter styles\n * Support JSON Modules\n * Clipboard: read-only files support\n * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n * Honor media HTML attribute for link icon\n * Import Assertions\n * Class static initializer blocks\n * Ergonomic brand checks for private fields\n * Expose WebAssembly SIMD\n * New Feature: WebTransport\n * ES Modules for service workers ('module' type option)\n * Suggested file name and location for the File System Access API\n * adaptivePTime property for RTCRtpEncodingParameters\n * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n * Support WebSockets over HTTP/2\n * Support 103 Early Hints for Navigation\n * CVE-2021-30521: Heap buffer overflow in Autofill\n * CVE-2021-30522: Use after free in WebAudio\n * CVE-2021-30523: Use after free in WebRTC\n * CVE-2021-30524: Use after free in TabStrip\n * CVE-2021-30525: Use after free in TabGroups\n * CVE-2021-30526: Out of bounds write in TabStrip\n * CVE-2021-30527: Use after free in WebUI\n * CVE-2021-30528: Use after free in WebAuthentication\n * CVE-2021-30529: Use after free in Bookmarks\n 
* CVE-2021-30530: Out of bounds memory access in WebAudio\n * CVE-2021-30531: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30532: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n * CVE-2021-30535: Double free in ICU\n * CVE-2021-21212: Insufficient data validation in networking\n * CVE-2021-30536: Out of bounds read in V8\n * CVE-2021-30537: Insufficient policy enforcement in cookies\n * CVE-2021-30538: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30539: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30540: Incorrect security UI in payments\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-840=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-06-04T00:00:00", "id": "OPENSUSE-SU-2021:0840-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.77 (boo#1186458):\n\n * Support Managed configuration API for Web Applications\n * WebOTP API: cross-origin iframe support\n * CSS custom counter styles\n * Support JSON Modules\n * Clipboard: read-only files support\n * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n * Honor media HTML attribute for link icon\n * Import Assertions\n * Class static initializer blocks\n * Ergonomic brand checks for private fields\n * Expose WebAssembly SIMD\n * New Feature: WebTransport\n * ES Modules for service workers ('module' type option)\n * Suggested file name and location for the File System Access API\n * adaptivePTime property for RTCRtpEncodingParameters\n * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n * Support WebSockets over HTTP/2\n * Support 103 Early Hints for Navigation\n * CVE-2021-30521: Heap buffer overflow in Autofill\n * CVE-2021-30522: Use after free 
in WebAudio\n * CVE-2021-30523: Use after free in WebRTC\n * CVE-2021-30524: Use after free in TabStrip\n * CVE-2021-30525: Use after free in TabGroups\n * CVE-2021-30526: Out of bounds write in TabStrip\n * CVE-2021-30527: Use after free in WebUI\n * CVE-2021-30528: Use after free in WebAuthentication\n * CVE-2021-30529: Use after free in Bookmarks\n * CVE-2021-30530: Out of bounds memory access in WebAudio\n * CVE-2021-30531: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30532: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n * CVE-2021-30535: Double free in ICU\n * CVE-2021-21212: Insufficient data validation in networking\n * CVE-2021-30536: Out of bounds read in V8\n * CVE-2021-30537: Insufficient policy enforcement in cookies\n * CVE-2021-30538: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30539: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30540: Incorrect security UI in payments\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-825=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-02T00:00:00", "type": "suse", "title": 
"Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-06-02T00:00:00", "id": "OPENSUSE-SU-2021:0825-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MJJHCREERF6N3XLSWRNBLKZ4TY5THPTY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-10T02:12:05", "description": "An update that fixes 25 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n - Chromium was updated to 90.0.4430.93\n (boo#1184764,boo#1185047,boo#1185398)\n * CVE-2021-21227: Insufficient data validation in V8.\n * CVE-2021-21232: Use after free in Dev Tools.\n * CVE-2021-21233: Heap buffer overflow in ANGLE.\n * CVE-2021-21228: Insufficient policy enforcement in extensions.\n * CVE-2021-21229: Incorrect security UI in downloads.\n * CVE-2021-21230: Type Confusion in V8.\n * CVE-2021-21231: Insufficient data validation in V8.\n * CVE-2021-21222: Heap buffer overflow in V8\n * CVE-2021-21223: Integer overflow in Mojo\n * CVE-2021-21224: Type Confusion in 
V8\n * CVE-2021-21225: Out of bounds memory access in V8\n * CVE-2021-21226: Use after free in navigation\n * CVE-2021-21201: Use after free in permissions\n * CVE-2021-21202: Use after free in extensions\n * CVE-2021-21203: Use after free in Blink\n * CVE-2021-21204: Use after free in Blink\n * CVE-2021-21205: Insufficient policy enforcement in navigation\n * CVE-2021-21221: Insufficient validation of untrusted input in Mojo\n * CVE-2021-21207: Use after free in IndexedDB\n * CVE-2021-21208: Insufficient data validation in QR scanner\n * CVE-2021-21209: Inappropriate implementation in storage\n * CVE-2021-21210: Inappropriate implementation in Network\n * CVE-2021-21211: Inappropriate implementation in Navigation\n * CVE-2021-21212: Incorrect security UI in Network Config UI\n * CVE-2021-21213: Use after free in WebMIDI\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-629=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-01T00:00:00", "type": "suse", "title": "Security update for Chromium (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-01T00:00:00", "id": "OPENSUSE-SU-2021:0629-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBOWNTMQCMDYBSMTERFTO5ZSZSUCY7QW/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2023-08-21T02:12:56", "description": "The Chrome team is delighted to announce the promotion of Chrome 90 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\n\n\nChrome 90.0.4430.72 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/89.0.4389.128..90.0.4430.72?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 90.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. 
We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [39](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M90>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$20000][[1025683](<https://crbug.com/1025683>)] High CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen when working at Tencent KeenLab on 2019-11-18\n\n[$10000][[1188889](<https://crbug.com/1188889>)] High CVE-2021-21202: Use after free in extensions. Reported by David Erceg on 2021-03-16\n\n[$5000][[1192054](<https://crbug.com/1192054>)] High CVE-2021-21203: Use after free in Blink. Reported by asnine on 2021-03-24\n\n[$1000][[1189926](<https://crbug.com/1189926>)] High CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw on 2021-03-19\n\n[$TBD][[1165654](<https://crbug.com/1165654>)] High CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-01-12\n\n[$TBD][[1195333](<https://crbug.com/1195333>)] High CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2021-04-02\n\n[$5000][[1176031](<https://crbug.com/1176031>)] Medium CVE-2021-4323: Insufficient validation of untrusted input in Extensions. _Reported by Luan Herrera (@lbherrera_) on 2021-02-09_\n\n[$5000][[1185732](<https://crbug.com/1185732>)] Medium CVE-2021-21207: Use after free in IndexedDB. 
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08\n\n[$3000][[1039539](<https://crbug.com/1039539>)] Medium CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on 2020-01-07\n\n[$3000][[1143526](<https://crbug.com/1143526>)] Medium CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem (@tomvangoethem) on 2020-10-29\n\n[$3000][[1184562](<https://crbug.com/1184562>)] Medium CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr on 2021-03-04\n\n[$2000][[1103119](<https://crbug.com/1103119>)] Medium CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade (m0ns7er) on 2020-07-08\n\n[$500][[1145024](<https://crbug.com/1145024>)] Medium CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03\n\n[$N/A][[1161806](<https://crbug.com/1161806>)] Medium CVE-2021-21213: Use after free in WebMIDI. Reported by raven (@raid_akame) on 2020-12-25\n\n[$TBD][[1170148](<https://crbug.com/1170148>)] Medium CVE-2021-21214: Use after free in Network API. Reported by Anonymous on 2021-01-24\n\n[$TBD][[1172533](<https://crbug.com/1172533>)] Medium CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30\n\n[$TBD][[1173297](<https://crbug.com/1173297>)] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02\n\n[$500][[1166462](<https://crbug.com/1166462>)] Low CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n[$500][[1166478](<https://crbug.com/1166478>)] Low CVE-2021-21218: Uninitialized Use in PDFium. 
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-14\n\n[$500][[1166972](<https://crbug.com/1166972>)] Low CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on 2021-01-15\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1198709](<https://crbug.com/1198709>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). 
The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\nThank you,\n\n\n\n\nSrinivas Sista", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-14T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-4323"], "modified": "2021-04-14T00:00:00", "id": "GCSA-273411975827701477", "href": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:22:18", "description": "\nSeveral vulnerabilities have been discovered in the chromium web 
browser.\n\n\n* [CVE-2021-21201](https://security-tracker.debian.org/tracker/CVE-2021-21201)\nGengming Liu and Jianyu Chen discovered a use-after-free issue.\n* [CVE-2021-21202](https://security-tracker.debian.org/tracker/CVE-2021-21202)\nDavid Erceg discovered a use-after-free issue in extensions.\n* [CVE-2021-21203](https://security-tracker.debian.org/tracker/CVE-2021-21203)\nasnine discovered a use-after-free issue in Blink/Webkit.\n* [CVE-2021-21204](https://security-tracker.debian.org/tracker/CVE-2021-21204)\nTsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a\n use-after-free issue in Blink/Webkit.\n* [CVE-2021-21205](https://security-tracker.debian.org/tracker/CVE-2021-21205)\nAlison Huffman discovered a policy enforcement error.\n* [CVE-2021-21207](https://security-tracker.debian.org/tracker/CVE-2021-21207)\nkoocola and Nan Wang discovered a use-after-free in the indexed database.\n* [CVE-2021-21208](https://security-tracker.debian.org/tracker/CVE-2021-21208)\nAhmed Elsobky discovered a data validation error in the QR code scanner.\n* [CVE-2021-21209](https://security-tracker.debian.org/tracker/CVE-2021-21209)\nTom Van Goethem discovered an implementation error in the Storage API.\n* [CVE-2021-21210](https://security-tracker.debian.org/tracker/CVE-2021-21210)\n@bananabr discovered an error in the networking implementation.\n* [CVE-2021-21211](https://security-tracker.debian.org/tracker/CVE-2021-21211)\nAkash Labade discovered an error in the navigation implementation.\n* [CVE-2021-21212](https://security-tracker.debian.org/tracker/CVE-2021-21212)\nHugo Hue and Sze Yiu Chau discovered an error in the network configuration\n user interface.\n* [CVE-2021-21213](https://security-tracker.debian.org/tracker/CVE-2021-21213)\nraven discovered a use-after-free issue in the WebMIDI implementation.\n* [CVE-2021-21214](https://security-tracker.debian.org/tracker/CVE-2021-21214)\nA use-after-free issue was discovered in the networking implementation.\n* 
[CVE-2021-21215](https://security-tracker.debian.org/tracker/CVE-2021-21215)\nAbdulrahman Alqabandi discovered an error in the Autofill feature.\n* [CVE-2021-21216](https://security-tracker.debian.org/tracker/CVE-2021-21216)\nAbdulrahman Alqabandi discovered an error in the Autofill feature.\n* [CVE-2021-21217](https://security-tracker.debian.org/tracker/CVE-2021-21217)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21218](https://security-tracker.debian.org/tracker/CVE-2021-21218)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21219](https://security-tracker.debian.org/tracker/CVE-2021-21219)\nZhou Aiting discovered use of uninitialized memory in the pdfium library.\n* [CVE-2021-21221](https://security-tracker.debian.org/tracker/CVE-2021-21221)\nGuang Gong discovered insufficient validation of untrusted input.\n* [CVE-2021-21222](https://security-tracker.debian.org/tracker/CVE-2021-21222)\nGuang Gong discovered a buffer overflow issue in the v8 javascript\n library.\n* [CVE-2021-21223](https://security-tracker.debian.org/tracker/CVE-2021-21223)\nGuang Gong discovered an integer overflow issue.\n* [CVE-2021-21224](https://security-tracker.debian.org/tracker/CVE-2021-21224)\nJose Martinez discovered a type error in the v8 javascript library.\n* [CVE-2021-21225](https://security-tracker.debian.org/tracker/CVE-2021-21225)\nBrendon Tiszka discovered an out-of-bounds memory access issue in the v8\n javascript library.\n* [CVE-2021-21226](https://security-tracker.debian.org/tracker/CVE-2021-21226)\nBrendon Tiszka discovered a use-after-free issue in the networking\n implementation.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.85-1~deb10u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page 
at:\n[https://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-04-27T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21211", "CVE-2021-21208", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21214", "CVE-2021-21202", "CVE-2021-21201", "CVE-2021-21215", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21207", "CVE-2021-21203", "CVE-2021-21205", "CVE-2021-21217", "CVE-2021-21226", "CVE-2021-21204", "CVE-2021-21223", "CVE-2021-21216", "CVE-2021-21209", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21210", "CVE-2021-21224", "CVE-2021-21225"], "modified": "2022-07-21T05:50:45", "id": "OSV:DSA-4906-1", "href": "https://osv.dev/vulnerability/DSA-4906-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-06-07T14:35:23", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4906-1 
security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nApril 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204\n CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209\n CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213\n CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217\n CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222\n CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21201\n\n Gengming Liu and Jianyu Chen discovered a use-after-free issue.\n\nCVE-2021-21202\n\n David Erceg discovered a use-after-free issue in extensions.\n\nCVE-2021-21203\n\n asnine discovered a use-after-free issue in Blink/Webkit.\n\nCVE-2021-21204\n\n Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander discovered a\n use-after-free issue in Blink/Webkit.\n\nCVE-2021-21205\n\n Alison Huffman discovered a policy enforcement error.\n\nCVE-2021-21207\n\n koocola and Nan Wang discovered a use-after-free in the indexed database.\n\nCVE-2021-21208\n\n Ahmed Elsobky discovered a data validation error in the QR code scanner.\n\nCVE-2021-21209\n\n Tom Van Goethem discovered an implementation error in the Storage API.\n\nCVE-2021-21210\n\n @bananabr discovered an error in the networking implementation.\n\nCVE-2021-21211\n\n Akash Labade discovered an error in the navigation implementation.\n\nCVE-2021-21212\n\n Hugo Hue and Sze Yiu Chau discovered an error in the network configuration\n user interface.\n\nCVE-2021-21213\n\n raven discovered a use-after-free issue in the WebMIDI implementation.\n\nCVE-2021-21214\n\n A use-after-free issue was discovered in the networking implementation.\n\nCVE-2021-21215\n\n Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21216\n\n 
Abdulrahman Alqabandi discovered an error in the Autofill feature.\n\nCVE-2021-21217\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21218\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21219\n\n Zhou Aiting discovered use of uninitialized memory in the pdfium library.\n\nCVE-2021-21221\n\n Guang Gong discovered insufficient validation of untrusted input.\n\nCVE-2021-21222\n\n Guang Gong discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21223\n\n Guang Gong discovered an integer overflow issue.\n\nCVE-2021-21224\n\n Jose Martinez discovered a type error in the v8 javascript library.\n\nCVE-2021-21225\n\n Brendon Tiszka discovered an out-of-bounds memory access issue in the v8\n javascript library.\n\nCVE-2021-21226\n\n Brendon Tiszka discovered a use-after-free issue in the networking\n implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.85-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T01:49:06", "type": "debian", "title": "[SECURITY] [DSA 4906-1] 
chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226"], "modified": "2021-04-28T01:49:06", "id": "DEBIAN:DSA-4906-1:4BE22", "href": "https://lists.debian.org/debian-security-announce/2021/msg00087.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-05-27T14:49:24", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-12T05:44:40", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-90.0.4430.93-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-12T05:44:40", "id": "FEDORA:B4C4A30D8539", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-12T05:35:46", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-90.0.4430.93-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": 
"2021-05-12T05:35:46", "id": "FEDORA:D63AA304E89C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-05-14T21:12:29", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-90.0.4430.93-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", 
"CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", "CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-05-14T21:12:29", "id": "FEDORA:993DD30E4796", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-05-27T14:58:23", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-90.0.4430.93\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-90.0.4430.93\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-30T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-21149", "CVE-2021-21150", "CVE-2021-21151", "CVE-2021-21152", "CVE-2021-21153", "CVE-2021-21154", "CVE-2021-21155", "CVE-2021-21156", "CVE-2021-21157", "CVE-2021-21159", "CVE-2021-21160", "CVE-2021-21161", "CVE-2021-21162", "CVE-2021-21163", "CVE-2021-21165", "CVE-2021-21166", "CVE-2021-21167", "CVE-2021-21168", "CVE-2021-21169", "CVE-2021-21170", "CVE-2021-21171", "CVE-2021-21172", "CVE-2021-21173", "CVE-2021-21174", "CVE-2021-21175", "CVE-2021-21176", "CVE-2021-21177", "CVE-2021-21178", "CVE-2021-21179", "CVE-2021-21180", "CVE-2021-21181", "CVE-2021-21182", "CVE-2021-21183", "CVE-2021-21184", "CVE-2021-21185", "CVE-2021-21186", "CVE-2021-21187", "CVE-2021-21188", "CVE-2021-21189", "CVE-2021-2119", "CVE-2021-21191", "CVE-2021-21192", "CVE-2021-21193", "CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-21201", "CVE-2021-21202", "CVE-2021-21203", "CVE-2021-21204", "CVE-2021-21205", "CVE-2021-21206", "CVE-2021-21207", "CVE-2021-21208", "CVE-2021-21209", "CVE-2021-21210", "CVE-2021-21211", "CVE-2021-21212", "CVE-2021-21213", "CVE-2021-21214", "CVE-2021-21215", "CVE-2021-21216", "CVE-2021-21217", "CVE-2021-21218", "CVE-2021-21219", "CVE-2021-21220", "CVE-2021-21221", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226", "CVE-2021-21227", 
"CVE-2021-21228", "CVE-2021-21229", "CVE-2021-21230", "CVE-2021-21231", "CVE-2021-21232", "CVE-2021-21233"], "modified": "2021-04-30T00:00:00", "id": "GLSA-202104-08", "href": "https://security.gentoo.org/glsa/202104-08", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}